
362 matches found

CNNVD
added 2021/09/14 12:00 a.m. · 1 view

SAP Contact Center cross-site scripting vulnerability

SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could exploit the...

8.3 CVSS · 6.1 AI score · 0.00327 EPSS
Exploits 0 · References 4

CNNVD
added 2021/09/14 12:00 a.m. · 1 view

SAP Contact Center cross-site scripting vulnerability

SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could exploit the...

6.1 CVSS · 6.2 AI score · 0.00295 EPSS
Exploits 0 · References 4

CNNVD
added 2021/08/10 12:00 a.m. · 2 views

SAP ERP cross-site scripting vulnerability

SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A cross-site scripting vulnerability exists in SAP Cloud Connector version 2.0, which arises from a program that does not adequately encode user-controlled input, and can be exploited by an attacker with...

5.9 CVSS · 5.3 AI score · 0.00156 EPSS
Exploits 0 · References 5

CNNVD
added 2021/08/10 12:00 a.m. · 3 views

TYPO3 security vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland. TYPO3 suffers from an access control error vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...

7.2 CVSS · 5.6 AI score · 0.0018 EPSS
Exploits 0 · References 5

CNNVD
added 2021/08/10 12:00 a.m. · 3 views

TYPO3 SQL injection vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland. TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...

9.8 CVSS · 5.9 AI score · 0.00384 EPSS
Exploits 0 · References 5

Typo3
added 2021/08/10 12:00 a.m. · 36 views

Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

The extension fails to properly encode user input for output in HTML context (CVE-2021-36785). Also the extension contains sensitive data (API credentials and private key) which should not have been published (CVE-2021-36786). Finally the extension bundles several 3rd Party Components jQuery and...

5 CVSS · 1.5 AI score · 0.00263 EPSS
Exploits 0 · Affected Software 1

CNNVD
added 2021/08/10 12:00 a.m. · 1 view

TYPO3 information disclosure vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association. TYPO3 has an information disclosure vulnerability that stems from a failure to properly encode user input, which could be exploited by an attacker to obtain sensitive data for API...

7.5 CVSS · 5.6 AI score · 0.00253 EPSS
Exploits 0 · References 5

OSV
added 2021/06/24 2:15 p.m. · 2 views

CVE-2021-27658

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...

5.4 CVSS · 6.1 AI score
Exploits 0 · References 3

OSV
added 2021/06/24 2:15 p.m. · 0 views

CVE-2021-27659

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...

6.1 CVSS · 5.8 AI score · 0.00265 EPSS
Exploits 0 · References 3

OSV
added 2021/06/09 2:15 p.m. · 2 views

CVE-2021-33664

SAP NetWeaver Application Server ABAP Applications based on Web Dynpro ABAP, versions - SAPUI - 750,752,753,754,755, SAPBASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

5.4 CVSS · 7.3 AI score · 0.00237 EPSS
Exploits 0 · References 2

OSV
added 2021/06/09 2:15 p.m. · 2 views

CVE-2021-33665

SAP NetWeaver Application Server ABAP Applications based on SAP GUI for HTML, versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

5.4 CVSS · 6.3 AI score
Exploits 0 · References 2

Positive Technologies
added 2021/06/09 12:00 a.m. · 2 views

PT-2021-14556 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for ABAP Web Survey versions 700 through 75F Description: The issue arises from insufficient encoding of input and output parameters, leading to a reflected cross-site scripting vulnerability. This allows a malicious user to...

6.1 CVSS · 6 AI score · 0.00248 EPSS
Exploits 0 · References 3

CNVD
added 2021/05/21 12:00 a.m. · 5 views

Plone cross-site scripting vulnerability (CNVD-2021-37279)

Plone is a foreign open source CMS system suitable for enterprise-level applications. A cross-site scripting vulnerability exists in the user full name attribute and file upload functionality in Plone CMS versions prior to 5.2.4. The vulnerability stems from user input that is not properly encode...

5.4 CVSS · 6 AI score · 0.00444 EPSS
Exploits 1 · References 1

OSV
added 2020/12/09 12:00 a.m. · 0 views

UBUNTU-CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.00302 EPSS
Exploits 0 · References 5

CNVD
added 2020/10/21 12:00 a.m. · 1 view

SAP Commerce Cloud Cross-Site Scripting Vulnerability

SAP Commerce Cloud is a cloud-based e-commerce platform. A cross-site script execution vulnerability exists in SAP Commerce Cloud versions 1808, 1811, 1905, and 2005. The vulnerability stems from the program not properly encoding user input. An attacker could exploit this recording vulnerability ...

5.4 CVSS · 6.8 AI score · 0.00162 EPSS
Exploits 0 · References 1

OSV
added 2020/10/20 2:15 p.m. · 2 views

CVE-2020-6370

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

4.8 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 2

OSV
added 2020/10/15 2:15 a.m. · 3 views

CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...

5.4 CVSS · 6.3 AI score · 0.00162 EPSS
Exploits 0 · References 2

OSV
added 2020/10/15 2:15 a.m. · 1 view

CVE-2020-6323

SAP NetWeaver Enterprise Portal Fiori Framework Page versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the...

6.1 CVSS · 6.8 AI score · 0.00359 EPSS
Exploits 0 · References 2

Hacker One
added 2020/09/30 4:55 p.m. · 17 views

Mail.ru: [delivery.city-mobil.ru] Stored XSS into support request comment

Stored XSS in support request comment functionality on delivery.city-mobil.ru. Citymobil corporate user could use delivery.city-mobil.ru API for submitting data. It led to bypass input-encoding filters of corporate.city-mobil.ru and stored XSS appeared at corporate.city-mobil.ru...

2.5 AI score
Exploits 0

OSV
added 2020/09/09 1:15 p.m. · 2 views

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 2