Description
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.
Remediation
Upgrade to Apache Sling App CMS >= 1.1.4.
References
https://sling.apache.org/news.html