Apache Sling Cms

By the Year

In 2023 there have been 2 vulnerabilities in Apache Sling Cms, with an average score of 5.8 out of ten. Last year Sling Cms had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2023 than last year. The average CVE base score of the vulnerabilities in 2023 is also greater, by 0.35.

Year Vulnerabilities Average Score
2023 2 5.75
2022 1 5.40
2021 0 0.00
2020 1 6.10
2019 0 0.00
2018 0 0.00

It may take a day or so for new Sling Cms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Sling Cms Security Vulnerabilities

CVE-2023-22849 6.1 - Medium - February 04, 2023

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

XSS

CVE-2022-46769 5.4 - Medium - January 09, 2023

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

XSS

CVE-2022-43670 5.4 - Medium - November 02, 2022

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

XSS

CVE-2020-1949 6.1 - Medium - April 01, 2020

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

XSS
