2 matches found
CVE-2023-4932
The CVE-2023-4932 entry is supported by multiple connected sources confirming a Reflected Cross-Site Scripting (XSS) flaw in SAS Stored Process Web Application. Affected software: SAS 9.4_M7 and 9.4_M8. Root cause: improper input validation in the _program parameter of the /SASStoredProcess/do en...
CVE-2023-4932 Reflected Cross-Site Scripting in SAS 9.4
SAS application is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in the program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a...