cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22849,https://securityvulnerability.io/vulnerability/CVE-2023-22849,Apache Sling App CMS: XSS in CMS Reference / UI Components,"An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features.

Upgrade to Apache Sling App CMS >= 1.1.6
",Apache,Apache Sling App CMS,6.1,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2023-02-04T21:15:00.000Z,0
CVE-2022-46769,https://securityvulnerability.io/vulnerability/CVE-2022-46769,Apache Sling App CMS: XSS in CMS Site Group Detail,"An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.

Upgrade to Apache Sling App CMS >= 1.1.4 
",Apache,Apache Sling App Cms,5.4,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-01-09T10:14:56.823Z,0
CVE-2022-43670,https://securityvulnerability.io/vulnerability/CVE-2022-43670,XSS in Sling CMS Reference App Taxonomy Path,An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.,Apache,Apache Sling App Cms,5.4,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0