Описание
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
Ссылки
- Mailing ListThird Party Advisory
- Issue TrackingMailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Issue TrackingMailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (включая)
cpe:2.3:a:apache:sling_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Apache Sling App CMS vulnerable to Cross-site Scripting
EPSS
Процентиль: 57%
0.00349
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79