359 matches found
PT-2024-29906 · Sap · Sap S/4Hana Eprocurement
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA eProcurement affected versions not specified Description: The issue is due to weak encoding of user-controlled inputs, allowing malicious scripts to be executed in the application. This can potentially lead to a Reflected Cross-Si...
CVE-2024-41735
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application...
PT-2024-29545 · Sap · Sap Commerce Backoffice
Name of the Vulnerable Software and Affected Versions: SAP Commerce Backoffice affected versions not specified Description: The issue is related to the insufficient encoding of user-controlled inputs in the SAP Commerce Backoffice application, resulting in a Cross-Site Scripting (XSS) vulnerability...
CVE-2024-39595
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause lo...
CVE-2024-39594
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the...
CVE-2024-37174
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability. On successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
SAP NetWeaver Cross-Site Scripting Vulnerability
SAP NetWeaver is a service-oriented integration and application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver Knowledge Management XMLEditor, which stems...
PT-2024-26105 · Sap · Sap Netweaver Knowledge Management Xmleditor
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Knowledge Management XMLEditor affected versions not specified Description: The issue is due to weak encoding of user-controlled input in the SAP NetWeaver Knowledge Management XMLEditor, allowing malicious scripts to be execute...
PT-2024-9861 · Sap · Sap Business Warehouse - Business Planning/Simulation
Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse - Business Planning and Simulation affected versions not specified Description: The issue is related to insufficient encoding of user-controlled inputs in the SAP Business Warehouse - Business Planning and Simulation...
Cross-site Scripting (XSS)
TYPO3 CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to failing to properly encode user input in multiple areas of the CMS, allowing attackers to inject malicious scripts...
Cross-Site Scripting in TYPO3 CMS
Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting...
GHSA-5GR6-97FV-52CC Cross-Site Scripting in TYPO3 CMS
Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting...
GHSA-HQ37-RFJC-MR8H Cross-Site Scripting (XSS) in TYPO3 Backend
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper user input encoding of notifications shown in modal windows within the TYPO3 backend, which allows an attacker with a valid backend user account to execute arbitrary JavaScript in a user's browser...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the browser...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper user input encoding, which can result in XSS when rendering files from .youtube or .vimeo. Exploitation requires a valid backend user account or write access on the server system (e.g., SFTP)...
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template...
PT-2024-40283 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises from the failure to properly encode user input, making notifications shown in modal windows in the backend susceptible to cross-site scripting. A valid backend user account i...
PT-2024-40498 · Unknown · Online Media Asset Rendering
Name of the Vulnerable Software and Affected Versions: Online media asset rendering affected versions not specified Description: The issue arises from the failure to properly encode user input, making online media asset rendering vulnerable to cross-site scripting, particularly for .youtube and...
PT-2024-40060 · Form · Form
Name of the Vulnerable Software and Affected Versions: form affected versions not specified Description: The issue arises from the improper encoding of user input in frontend forms handled by the form framework, leading to cross-site scripting. Recommendations: At the moment, there is no...