Description
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/02/8
https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs
Related Vulnerabilities
CVE-2016-3092 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2020-2111 Vulnerability in maven package org.jenkins-ci.plugins:subversion
CVE-2021-4306 Vulnerability in npm package terminal-kit
CVE-2023-50777 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate