PT-2023-18724 · Apache · Sling App Cms

Publicado

2023-02-04

·

Atualizado

2025-03-25

·

CVE-2023-22849

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Sling App CMS versions 1.1.4 and prior
Description The issue is related to an improper neutralization of input during web page generation, which may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features.
Recommendations For Sling App CMS versions 1.1.4 and prior, upgrade to Apache Sling App CMS >= 1.1.6.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-22849
GHSA-RGHH-GHF7-7943

Produtos afetados

Sling App Cms