Lucene search
K

267 matches found

NVD
NVD
added 2023/04/11 3:15 a.m.23 views

CVE-2023-27499

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting XSS vulnerability. An attacker could craft a malicious URL and lure...

6.1CVSS6AI score0.00445EPSS
Exploits0References2
Prion
Prion
added 2023/04/11 3:15 a.m.22 views

Cross site scripting

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting XSS vulnerability. An attacker could craft a malicious URL and lure...

5.8CVSS5.9AI score0.00445EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/04/11 2:48 a.m.11 views

CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting XSS vulnerability. An attacker could craft a malicious URL and lure...

6.1CVSS5.8AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/11 2:48 a.m.25 views

CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting XSS vulnerability. An attacker could craft a malicious URL and lure...

6.1CVSS6.1AI score0.00445EPSS
Exploits0References2
CVE
CVE
added 2023/04/11 2:48 a.m.51 views

CVE-2023-27499

SAP GUI for HTML is affected by a reflected XSS due to insufficient encoding of user-controlled inputs. AFFECTED versions include KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91 and KRNL64UC (including 7.22EXT). An attacker can lure a user to click a crafted URL and execute script in the us...

6.1CVSS6AI score0.00445EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.4 views

SAP GUI 跨站脚本漏洞

SAP GUI is an application from SAP, a German company. graphical user interface for SAP systems. A cross-site scripting vulnerability exists in SAP GUI for HTML, which stems from not adequately cleaning up user-controlled input. The following versions are affected: KERNEL versions 7.22, 7.53, 7.54...

6.1CVSS5.3AI score0.00445EPSS
Exploits0References3
CNVD
CNVD
added 2022/11/10 12:0 a.m.32 views

SAP GUI OS Command Injection Vulnerability

SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...

6.1CVSS3.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2022/11/08 10:15 p.m.24 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

6.1CVSS0.00208EPSS
Exploits0References2
OSV
OSV
added 2022/11/08 10:15 p.m.6 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References2
Prion
Prion
added 2022/11/08 10:15 p.m.25 views

Code injection

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

3.2CVSS6.3AI score0.00208EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/08 12:0 a.m.11 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

5.5CVSS6.4AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/08 12:0 a.m.25 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

5.5CVSS6.6AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/08 12:0 a.m.7 views

PT-2022-25728 · Sap · Sap Gui

Name of the Vulnerable Software and Affected Versions: SAP GUI affected versions not specified Description: The issue allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries, which can cause a limited impact ...

6.1CVSS6.2AI score0.00208EPSS
Exploits0References7
OSV
OSV
added 2022/09/13 4:15 p.m.3 views

CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

6.1CVSS5.7AI score0.00433EPSS
Exploits0References2
NVD
NVD
added 2022/09/13 4:15 p.m.20 views

CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

6.1CVSS0.00433EPSS
Exploits0References2
Prion
Prion
added 2022/09/13 4:15 p.m.23 views

Cross site scripting

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

5.8CVSS6AI score0.00433EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/13 3:43 p.m.3 views

CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

6.1AI score0.00433EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/13 3:43 p.m.23 views

CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

6.2AI score0.00433EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.8 views

PT-2022-24996 · Sap · Sap Gui For Html

Name of the Vulnerable Software and Affected Versions: SAP GUI for HTML affected versions not specified Description: The issue allows an attacker with no prior authentication to craft and send malicious scripts to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site...

6.1CVSS6AI score0.00433EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.5 views

SAP GUI 跨站脚本漏洞

SAP GUI is a software application from SAP, a German company. graphical user interface for SAP systems. A cross-site scripting vulnerability exists in SAP GUI that originates from a malicious script that can be written for HTML in Fiori Launchpad and sent to SAP GUI, which can be exploited by an...

6.1CVSS6AI score0.00433EPSS
Exploits0References5
Rows per page
Query Builder