
359 matches found

ATTACKERKB
added 2022/10/11 9:15 p.m. | 2 views

CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00351
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/10/11 9:15 p.m. | 0 views

CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00351
Exploits: 0 | References: 2
CNNVD
added 2022/10/11 12:0 a.m. | 2 views

SAP Enable Now Cross-Site Scripting Vulnerability

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now 10 version 1. The vulnerability stems from failure to...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00351
Exploits: 0 | References: 4
ATTACKERKB
added 2022/09/13 4:15 p.m. | 0 views

CVE-2022-35298

SAP NetWeaver Enterprise Portal KMC - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00538
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2022/09/13 12:0 a.m. | 2 views

PT-2022-22697 · Sap · Sap Netweaver Enterprise Portal

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal KMC version 7.50
Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting vulnerability. The KMC servlet is vulnerable to XSS attacks, which could...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00538
Exploits: 0 | References: 6
OSV
added 2022/08/23 12:0 a.m. | 3 views

GHSA-V65G-F3CJ-FJP4 Regular expression denial of service in eth-account

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00334
Exploits: 1 | References: 4
ATTACKERKB
added 2022/07/12 9:15 p.m. | 0 views

CVE-2022-35225

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00337
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/07/12 9:15 p.m. | 0 views

CVE-2022-35225

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVSS: 6.1 | AI score: 6.3
Exploits: 0 | References: 2
ATTACKERKB
added 2022/07/12 9:15 p.m. | 1 views

CVE-2022-35172

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00337
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2022/07/12 9:15 p.m. | 0 views

CVE-2022-35170

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00337
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/07/12 9:15 p.m. | 0 views

CVE-2022-35172

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 2
OSV
added 2022/07/12 9:15 p.m. | 0 views

CVE-2022-35170

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

CVSS: 6.1 | AI score: 6.3
Exploits: 0 | References: 2
CNNVD
added 2022/07/12 12:0 a.m. | 1 views

SAP NetWeaver and SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability

SAP NetWeaver Enterprise Portal is a product of SAP, Germany. SAP NetWeaver Enterprise Portal is a Web front-end component for SAP NetWeaver. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, which stems from a...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00337
Exploits: 0 | References: 4
OSV
added 2022/06/06 8:15 p.m. | 1 views

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00149
Exploits: 0 | References: 2
ATTACKERKB
added 2022/05/11 3:15 p.m. | 2 views

CVE-2022-27656

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00323
Exploits: 0 | References: 3 | Affected Software: 2
Huntr
added 2022/04/22 6:4 p.m. | 32 views

XSS in /demo/module/?module=HERE

Description: Reflected XSS in /demo/module/?module= bypass of fix for CVE-2022-1439
Proof of Concept: In this report I showed an XSS and while one of the filter evasion mechanisms was fixed, the root cause persists to allow other payloads. As I mentioned there are event handlers which are unblocked...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.43794
Exploits: 2 | References: 1
ATTACKERKB
added 2022/03/10 5:47 p.m. | 1 views

CVE-2022-26101

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00727
Exploits: 2 | References: 5 | Affected Software: 1
OSV
added 2022/03/10 5:47 p.m. | 0 views

CVE-2022-26101

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 7.3 | EPSS: 0.00727
Exploits: 2 | References: 4
ATTACKERKB
added 2022/03/10 5:46 p.m. | 2 views

CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00425
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/03/10 5:46 p.m. | 1 views

CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 2