EUVD-2020-27520

Malware in sbrugna...

CVE-2023-33984

SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...

CVE-2023-33984

SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...

CVE-2023-33984 Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)

SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...

CVE-2023-33984

SAP NetWeaver (Design Time Repository) v7.50 is affected. The issue arises from returning an unfavorable content type for certain versioned files, enabling an authorized attacker to create a file containing malicious content and share a link resulting in cross-site scripting (XSS). Public referen...

PT-2023-3744 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Design Time Repository version 7.50 Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to inject arbitrary HTML code. This could enable an authorized attacker to...

CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

Input validation

Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

CVE-2022-29618

The connected records confirm a cross-site scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) affecting versions 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient input validation that lets an unauthenticated attacker inject script into the URL, ...

CVE-2020-6370

SAP NetWeaver Design Time Repository DTR, versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...