QwikSec

Security Database

CVE

CWE

Training

CVE-2022-46769

Published: Jan 9, 2023

Modified: Apr 9, 2025

PUBLISHED

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

Vendor	Product	Versions
Apache Software Foundation	Apache Sling App CMS	affected `0 - < 1.1.4`

Weaknesses (CWE)

References

https://sling.apache.org/news.html

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.