359 matches found

OSV
added 2020/07/14 1:15 p.m., 0 views

CVE-2020-6276

SAP Business Objects Business Intelligence Platform bipodata, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

CVSS 6.1, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 2

Typo3
added 2020/07/07 12:0 a.m., 23 views

Multiple vulnerabilities in extension "mm_forum" (mm_forum)

The extension fails to properly encode user input for output in HTML context. Also the extension fails to implement a CSRF protection for update profile plugin...

CVSS 5.8, AI score 5.6, EPSS 0.00113
Exploits: 0, Affected Software: 1

OSV
added 2020/06/10 1:15 p.m., 1 views

CVE-2020-6246

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTTABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 2

HackerOne
added 2020/05/02 6:59 a.m., 22 views

Mail.ru: [panel.city-mobil.ru/admin/] Blind XSS via partner name (similar to #746505)

It was possible to cause XSS condition in admin panel of Citymobil by setting malformed partner name in https://fleet.city-mobil.ru/front/. The issue is really similar to 746505. The original issue was exploited via editing an existing user - we could add blind XSS payload during user editing. The...

AI score 0.6
Exploits: 0

NVD
added 2020/04/24 11:15 p.m., 11 views

CVE-2020-6213

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTPHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting XSS via different URL parameters as it does not sufficiently encode user controlled inputs...

CVSS 6.1, AI score 5.9, EPSS 0.00191
Exploits: 0, References: 2

OSV
added 2020/04/14 8:15 p.m., 0 views

CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 2

OSV
added 2020/04/14 7:15 p.m., 0 views

CVE-2020-6216

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1, AI score 6.3, EPSS 0.00243
Exploits: 0, References: 2

OSV
added 2020/04/14 7:15 p.m., 0 views

CVE-2020-6222

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVSS 5.4, AI score 6
Exploits: 0, References: 2

OSV
added 2020/04/14 7:15 p.m., 0 views

CVE-2020-6229

SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 2

OSV
added 2020/03/10 9:15 p.m., 0 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

CVSS 6.1, AI score 6.6
Exploits: 0, References: 2

NVD
added 2020/03/10 9:15 p.m., 12 views

CVE-2020-6201

The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...

CVSS 6.1, AI score 6.2, EPSS 0.00371
Exploits: 0, References: 2

CNVD
added 2019/10/09 12:0 a.m., 2 views

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVSS 5.4, AI score 6, EPSS 0.0025
Exploits: 0, References: 1

CNVD
added 2019/10/09 12:0 a.m., 2 views

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34406)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVSS 5.4, AI score 6, EPSS 0.0025
Exploits: 0, References: 1

CNVD
added 2019/10/09 12:0 a.m., 2 views

SAP BusinessObjects Business Intelligence Reflective Cross-Site Scripting Vulnerability (CNVD-2019-34409)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A reflected cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2 and 4.3. The vulnerability stems from the product...

CVSS 5.4, AI score 6.2, EPSS 0.00387
Exploits: 0, References: 1

NVD
added 2019/10/08 8:15 p.m., 11 views

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

CVSS 5.4, AI score 5.3, EPSS 0.0025
Exploits: 0, References: 2

NVD
added 2019/10/08 8:15 p.m., 9 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

CVSS 5.4, AI score 5.3, EPSS 0.0025
Exploits: 0, References: 2

OSV
added 2019/10/08 8:15 p.m., 0 views

CVE-2019-0369

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability...

CVSS 5.4, AI score 5.4, EPSS 0.00287
Exploits: 0, References: 2

OSV
added 2019/10/08 8:15 p.m., 2 views

CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

CVSS 5.4, AI score 6.2, EPSS 0.00387
Exploits: 0, References: 2

OSV
added 2019/10/08 8:15 p.m., 0 views

CVE-2019-0368

SAP Customer Relationship Management Email Management, versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability...

CVSS 5.4, AI score 6.1
Exploits: 0, References: 2

Cvelist
added 2019/10/08 7:25 p.m., 17 views

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

AI score 5.4, EPSS 0.0025
Exploits: 0, References: 2