Severity: low Description:
An improper neutralization of input during web page generation ('Cross-site
Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may
allow an authenticated remote attacker to perform a reflected cross site
scripting (XSS) attack in the taxonomy management feature.
This issue is being tracked as SLING-11622
Mitigation:
Upgrade to Apache Sling App CMS >= 1.1.2
Credit:
Apache Sling would like to thank QSec-Team for reporting this issue
