CVE-2024-33527

The CVE-2024-33527 entry describes a Stored Cross-site Scripting (XSS) flaw in ILIAS 7.x prior to 7.30 and 8.x prior to 8.11, exploitable by remote authenticated attackers with administrative privileges via XML file uploads in the Import of Users and login name of user feature. Affected component...

VulnCheck KEV: CVE-2021-42063

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

Cross site scripting

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

SAP Enterprise Portal 跨站脚本漏洞

SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information and business processes across organizational and technological boundaries. A cross-site scripting vulnerability in SAP Enterprise...

SAP NetWeaver Portal 跨站脚本漏洞

SAP NetWeaver Portal is a component of SAP NetWeaver architecture from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Portal versions 7.30, 7.31, 7.40, and 7.50, which stems from a failure to adequately validate user-controlled input, and which can be exploited by an...

CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...

CVE-2021-42063

SAP Knowledge Warehouse (versions 7.30, 7.31, 7.40, 7.50) contains a reflected Cross‑Site Scripting vulnerability that can be triggered via a SAP KW component used in a web browser. The issue could allow attackers to inject scripts and potentially disclose sensitive data. Affected endpoint detail...

PT-2021-23601 · Xorux · Lpar2Rrd +1

Name of the Vulnerable Software and Affected Versions: LPAR2RRD and STOR2RRD versions prior to 7.30 Description: The issue concerns a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD. Recommendations: For versions prior to 7.30, update to version 7.30 or later to resolve the...

Cross site scripting

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting XSS vulnerability...

SAP NetWeaver AS JAVA Information Disclosure (3023299)

SAP Netweaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...

SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...

Design/Logic Flaw

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

CVE-2021-21488

CVE-2021-21488 affects SAP NetWeaver Knowledge Management Configuration Service versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50. The issue is insecure/deserialization of user-controlled data by a remote attacker with basic privileges, leading to attacker-controlled code execution and an impact on ava...

SAP NetWeaver AS Java Multiple XSS (2953112)

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple cross-site scripting vulnerabilities, as follows: - SAP NetWeaver Application Server JAVA XML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an...

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

Cross site scripting

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

Unrestricted file upload

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

SAP NetWeaver AS Java Command Execution Vulnerability

SAP Netweaver is the German SAP SAP company's set of service-oriented integration of the application platform, the platform mainly for SAP applications to provide a development environment. The platform mainly for SAP applications to provide a development and runtime environment.SAP NetWeaver...

Path traversal

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...

Path traversal

SAP NetWeaver UDDI Server Services Registry, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to...