CVE-2023-22849
- EPSS 0.16%
- Published 04.02.2023 21:15:09
- Last modified 25.03.2025 19:15:41
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attac...
CVE-2022-46769
- EPSS 0.19%
- Published 09.01.2023 11:15:10
- Last modified 09.04.2025 20:15:22
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attac...
CVE-2022-43670
- EPSS 0.18%
- Published 02.11.2022 13:15:19
- Last modified 02.05.2025 21:15:22
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attac...
CVE-2020-1949
- EPSS 1.83%
- Published 01.04.2020 19:15:14
- Last modified 21.11.2024 05:11:42
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.