apache sling_cms CVE Vulnerabilities (4)

CVEs: 4 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting apache sling_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-22849 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 [email protected] 6.1 1.44% 2023-02-04 2026-06-17
CVE-2022-46769 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 [email protected] 5.4 1.38% 2023-01-09 2026-06-17
CVE-2022-43670 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. [email protected] 5.4 1.39% 2022-11-02 2026-06-17
CVE-2020-1949 Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. [email protected] 6.1 1.97% 2020-04-01 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence