359 matches found
CVE-2020-6201
The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...
CVE-2020-6272
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...
CVE-2020-6217
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-0361
SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0298
SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...
Umbraco Forms 安全漏洞
Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...
SAP Data Services Management Console 跨站脚本漏洞
SAP Data Services Management Console is a console for managing and monitoring data services. A cross-site scripting vulnerability exists in SAP Data Services Management Console that stems from the system failing to adequately encode user-controlled input. An attacker could exploit the vulnerabili...
CVE-2025-26653
SAP NetWeaver Application Server ABAP is affected by a Stored XSS due to insufficient encoding of user-controlled inputs. Affected component: SAP NetWeaver AS ABAP (applications based on SAP GUI for HTML). Impact: attacker can inject and execute malicious JavaScript in a victim’s browser, comprom...
SAP NetWeaver Server ABAP 跨站脚本漏洞
SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript.No details of the...
Cross-site Scripting (XSS)
codingms/additional-tca is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input encoding due to a logged-in backend user being able to inject HTML content through the TYPO3 backend user interface, leading to potential XSS attacks...
SAP NetWeaver Application Server 跨站脚本漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server that stems from insufficiently encoded user input and could lead to a cross-site scripting attack...
Cross-site Scripting (XSS)
Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper encoding of request parameters in the debug-mode error page. When the application runs with APPDEBUG=true and encounters an error, the...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.4: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
DEBIAN-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2024-47594
SAP NetWeaver Enterprise Portal KMC does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link,...
CVE-2024-45278
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
PT-2024-7174 · Sap · Sap Commerce Backoffice
Name of the Vulnerable Software and Affected Versions: SAP Commerce Backoffice affected versions not specified Description: The issue is related to the lack of proper encoding of user-controlled inputs in the SAP Commerce Backoffice web application, leading to a Cross-Site Scripting XSS...
VulnCheck KEV: CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...