cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-45064,https://securityvulnerability.io/vulnerability/CVE-2022-45064,Apache Sling Engine: Include-based XSS,"A notable vulnerability exists in the Apache Sling Engine where the SlingRequestDispatcher fails to correctly implement the RequestDispatcher API. This flaw creates opportunities for a generic type of include-based cross-site scripting attacks at the Apache Sling level. Attackers can exploit this vulnerability by including a resource with specific content-types and controlling the include path. This unauthorized access can lead to serious consequences, such as privilege escalation to administrative roles. To mitigate this risk, it is crucial to update to Apache Sling Engine version 2.14.0 or later and to enable the 'Check Content-Type overrides' configuration option.",Apache,Apache Sling Engine,8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2023-04-13T10:01:14.502Z,0