Severity: low Description:
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. This issue is being tracked as SLING-11622 Mitigation: Upgrade to Apache Sling App CMS >= 1.1.2 Credit: Apache Sling would like to thank QSec-Team for reporting this issue