{"schema_version": "1.6.1", "id": "CVE-2022-43670", "summary": "XSS in Sling CMS Reference App Taxonomy Path", "details": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. ", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "1.1.2"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"}]}