QwikSec

Security Database

CVE

CWE

Training

CVE-2022-43670

Published: Nov 2, 2022

Modified: May 2, 2025

PUBLISHED

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

Vendor	Product	Versions
Apache Software Foundation	Apache Sling App CMS	affected `unspecified - < 1.1.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs

[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.