Apache Sling Cms
By the Year
In 2024 there have been 0 vulnerabilities in Apache Sling Cms . Last year Sling Cms had 2 security vulnerabilities published. Right now, Sling Cms is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.75 |
| 2022 | 1 | 5.40 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Sling Cms vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Sling Cms Security Vulnerabilities
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may
CVE-2023-22849
6.1 - Medium
- February 04, 2023
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6
XSS
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may
CVE-2022-46769
5.4 - Medium
- January 09, 2023
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
XSS
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may
CVE-2022-43670
5.4 - Medium
- November 02, 2022
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
XSS
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector
CVE-2020-1949
6.1 - Medium
- April 01, 2020
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Sling Cms or by Apache? Click the Watch button to subscribe.
