CVE-2022-43670

CVE-2022-43670: XSS in Sling CMS Reference App Taxonomy Path

Vendor Apache Software Foundation
Product Apache Sling App CMS
Weakness CWE-79 · XSS
Published November 2, 2022
Last update May 2, 2025

CVSS base score

What the vulnerability does

01Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

Key dates

02Disclosure timeline

November 2, 2022 CVE published
May 2, 2025 Record updated

Related vulnerabilities

04Related CVE