CVE-2023-22849

CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components

Vendor Apache Software Foundation
Product Apache Sling App CMS
Weakness CWE-79 · XSS
Published February 4, 2023
Last update March 25, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

Key dates

Disclosure timeline

February 4, 2023 CVE published
March 25, 2025 Record updated