359 matches found
CVE-2022-24395
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
CVE-2022-24395
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
SAP Enterprise Portal 跨站脚本漏洞
SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information and business processes across organizational and technological boundaries. A cross-site scripting vulnerability exists in SAP...
CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the...
PT-2022-15504 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver affected versions not specified Description: The issue is caused by insufficient encoding of user input, allowing an unauthenticated attacker to inject code. This can expose sensitive data, such as user id and password. The...
CVE-2022-22529
SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...
CVE-2022-22529
SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...
PT-2022-15498 · Sap · Sap Enterprise Threat Detection +1
Name of the Vulnerable Software and Affected Versions: SAP Enterprise Threat Detection ETD version 2.0 Description: The issue arises from insufficient encoding of user-controlled inputs, potentially leading to an unauthorized attacker exploiting an XSS vulnerability. However, the UIs in ETD utili...
CVE-2021-38183
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in...
SAP Contact Center Cross-Site Scripting Vulnerability (CNVD-2023-00364)
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could exploit the...
SAP Contact Center Cross-Site Scripting Vulnerability
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could use the vulnerability ...
CVE-2021-33691
NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim ha...
CVE-2021-33694
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting...
CVE-2021-33675
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting XSS vulnerability through phishing and to execute arbitrary code on the victim's browser...
CVE-2021-33674
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting XSS vulnerability when creating a new email and to execute arbitrary code on the victim's browser...
CVE-2021-33673
Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting XSS vulnerability when a user browses through the employee directory and to execute arbitrary code ...
SAP Contact Center 跨站脚本漏洞
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could use the vulnerability ...
SAP Contact Center 跨站脚本漏洞
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could exploit the...
SAP Contact Center 跨站脚本漏洞
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could exploit the...
SAP ERP 跨站脚本漏洞
SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A cross-site scripting vulnerability exists in SAP Cloud Connector version 2.0, which arises from a program that does not adequately encode user-controlled input, and can be exploited by an attacker with...