359 matches found
CVE-2023-26457
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...
CVE-2023-0021
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed...
PT-2023-15953 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver versions 700 through 750 Description: The issue is caused by insufficient encoding of user input, allowing an unauthenticated attacker to inject code. This can expose sensitive data, such as user id and password, and may lead to...
USN-5870-1 APR-util vulnerability
Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...
CVE-2023-24525
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...
CVE-2023-23852
SAP Solution Manager System Monitoring - version 720, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability...
PT-2023-19253 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager System Monitoring version 720 Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. This allows for the execution of malicious scripts within...
PT-2023-19673 · Sap · Sap Crm Webclient Ui
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions WEBCUIF 748, 800, 801, S4FND 102, 103 Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation, an...
CVE-2023-0013
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation an...
CVE-2023-0013 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation an...
SAP NetWeaver Application Server cross-site scripting vulnerability
A cross-site scripting vulnerability exists in SAP NetWeaver Application Server, an application server from SAP. It stems from the ABAP Keyword Documentation not adequately encoding user-controlled input, and can be exploited to cause a cross-site scripting attack...
SEPPmail cross-site scripting vulnerability
SEPPmail is an email encryption and signing solution from the Swiss company SEPPmail. A security vulnerability exists in SEPPmail version 11.1.10: a cross-site scripting (XSS) vulnerability in which user input is not properly encoded in HTML attributes when returned by the server...
CVE-2022-41260
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
Design/Logic Flaw
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
PT-2022-25773 · Sap · Sap Financial Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Financial Consolidation version 1010 Description: The issue arises from insufficient encoding of user-controlled input, allowing an unauthenticated attacker to inject a web script via a GET request. Successful exploitation can lead to an...
SAP Financial Consolidation cross-site scripting vulnerability
SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. A cross-site scripting vulnerability exists in SAP Financial Consolidation versio...
PT-2022-10050 · Seppmail · Seppmail
Name of the Vulnerable Software and Affected Versions: SEPPmail version 11.1.10 Description: The issue arises from incorrect encoding of user input in HTML attributes when returned by the server, leading to a Cross-Site Scripting (XSS) vulnerability. This allows XSS via a recipient address...