CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

CVE-2019-0368

SAP Customer Relationship Management Email Management, versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability...

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

CVE-2019-0361

SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

PT-2019-4588 · Sap · Sap Basis

Name of the Vulnerable Software and Affected Versions: SAP Basis versions 7.31, 7.4, 7.5 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited by a remote attacker to perform cross-site...

CVE-2019-0275

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting XSS vulnerability...

CVE-2019-0251

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0254

SAP Disclosure Management before version 10.1 Stack 1301 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

SAP Commerce Cross-Site Scripting Vulnerability

SAP Commerce is a suite of e-commerce solutions from SAP Germany. The product includes components for product content management, experience management, personalization and order management. A cross-site scripting vulnerability exists in SAP Commerce versions prior to 6.7, which arises from a...

SAP CRM WebClient UI Cross-Site Scripting Vulnerability

SAP CRM Customer Relationship Management is a set of German SAP SAP customer relationship management solutions. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of the Web client interface. A cross-site scripting...

SAP CRM WebClient UI Cross-Site Scripting Vulnerability (CNVD-2019-04862)

SAP CRM Customer Relationship Management is a set of German SAP SAP company's customer relationship management solutions. The program includes sales management, marketing management, customer service systems and other modules. SAPSCORE, S4FND and WEBCUIF are among the Web client interface...

CVE-2019-0244

SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0245

SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2018-2486

SAP Marketing UICUAN 1.20, 1.30, 1.40, SAPSCORE 1.13, 1.14 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP, which features report generation, analytics, data visualization, and more. A cross-site scripting vulnerability in SAP BusinessObjects Business...

CVE-2018-2479

SAP BusinessObjects Business Intelligence Platform BIWorkspace, versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. An...

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

CVE-2018-2470

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2018-2464

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting XSS vulnerability...