CVE-2020-6305

PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

CVE-2020-6222

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2020-6201

The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...

CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...

CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVE-2019-0361

SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0298

SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...

Umbraco Forms 安全漏洞

Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...

SAP Data Services Management Console 跨站脚本漏洞

SAP Data Services Management Console is a console for managing and monitoring data services. A cross-site scripting vulnerability exists in SAP Data Services Management Console that stems from the system failing to adequately encode user-controlled input. An attacker could exploit the vulnerabili...

CVE-2025-26653

SAP NetWeaver Application Server ABAP is affected by a Stored XSS due to insufficient encoding of user-controlled inputs. Affected component: SAP NetWeaver AS ABAP (applications based on SAP GUI for HTML). Impact: attacker can inject and execute malicious JavaScript in a victim’s browser, comprom...

SAP NetWeaver Server ABAP 跨站脚本漏洞

SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript.No details of the...

Cross-site Scripting (XSS)

codingms/additional-tca is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input encoding due to a logged-in backend user being able to inject HTML content through the TYPO3 backend user interface, leading to potential XSS attacks...

SAP NetWeaver Application Server 跨站脚本漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server that stems from insufficiently encoded user input and could lead to a cross-site scripting attack...

Cross-site Scripting (XSS)

Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper encoding of request parameters in the debug-mode error page. When the application runs with APPDEBUG=true and encounters an error, the...

Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.4: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

DEBIAN-CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

The vulnerability of the SAP Business Warehouse data management and analytics system lies in the insufficient encoding of user input data, which allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the SAP Business Warehouse data management and analytics system is related to insufficient encoding of user input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...