365 matches found

OSV
added 2020/09/09 1:15 p.m. | 2 views

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user-controlled inputs, allowing an attacker to inject a meta tag into the launchpad HTML using the vulnerable parameter, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 2

OSV
added 2020/09/01 9:25 p.m. | 8 views

GHSA-MPJF-8CMF-P789 Cross-Site Scripting in jingo

Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting XSS. If malicious input such as alert1 is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text. Recommendation Upgrade to version 1.9.2...

AI score 6.4
Exploits: 0 | References: 1

CNVD
added 2020/07/22 12:0 a.m. | 2 views

SAP Process Integration PI Rest Adapter Cross-Site Scripting Vulnerability

SAP Process Integration is a middleware provided by SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems external to the company. A cross-site scripting vulnerability exists in SAP Process Integration PI Rest Adapter. The vulnerability stem...

CVSS 6.1 | AI score 6.5 | EPSS 0.0028
Exploits: 0 | References: 1

OSV
added 2020/07/14 1:15 p.m. | 2 views

CVE-2020-6281

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting...

CVSS 6.1 | AI score 6.3 | EPSS 0.00166
Exploits: 0 | References: 2

OSV
added 2020/07/14 1:15 p.m. | 2 views

CVE-2020-6276

SAP Business Objects Business Intelligence Platform bipodata, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

CVSS 6.1 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 2

Typo3
added 2020/07/07 12:0 a.m. | 23 views

Multiple vulnerabilities in extension "mm_forum" (mm_forum)

The extension fails to properly encode user input for output in HTML context. Also the extension fails to implement a CSRF protection for update profile plugin...

CVSS 5.8 | AI score 5.6 | EPSS 0.00113
Exploits: 0 | Affected Software: 1

OSV
added 2020/06/10 1:15 p.m. | 2 views

CVE-2020-6246

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTTABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 2

Hacker One
added 2020/05/02 6:59 a.m. | 23 views

Mail.ru: [panel.city-mobil.ru/admin/] Blind XSS via partner name (similar to #746505)

It was possible to cause an XSS condition in the admin panel of Citymobil by setting a malformed partner name in https://fleet.city-mobil.ru/front/. The issue is really similar to 746505. The original issue was exploited via editing an existing user - we could add blind XSS payload during user editing. The...

AI score 0.6
Exploits: 0

NVD
added 2020/04/24 11:15 p.m. | 11 views

CVE-2020-6213

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTPHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting XSS via different URL parameters as it does not sufficiently encode user controlled inputs...

CVSS 6.1 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 2

OSV
added 2020/04/14 8:15 p.m. | 2 views

CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 2

OSV
added 2020/04/14 7:15 p.m. | 2 views

CVE-2020-6216

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1 | AI score 6.3 | EPSS 0.00243
Exploits: 0 | References: 2

OSV
added 2020/04/14 7:15 p.m. | 1 views

CVE-2020-6222

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVSS 5.4 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 2

OSV
added 2020/04/14 7:15 p.m. | 1 views

CVE-2020-6229

SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1 | AI score 6.3 | EPSS 0.00243
Exploits: 0 | References: 2

OSV
added 2020/03/10 9:15 p.m. | 1 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

CVSS 6.1 | AI score 6.6
Exploits: 0 | References: 2

NVD
added 2020/03/10 9:15 p.m. | 12 views

CVE-2020-6201

The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...

CVSS 6.1 | AI score 6.2 | EPSS 0.00371
Exploits: 0 | References: 2

BDU FSTEC
added 2020/01/15 12:0 a.m. | 0 views

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to execute malicious scripts.

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of user-input data. Exploiting this vulnerability allows a malicious actor to execute malicious scripts remotely...

CVSS 6.1 | EPSS 0.00208
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2020/01/13 12:0 a.m. | 0 views

The vulnerability of the SAP Supplier Relationship Management procurement automation application, related to errors in the encoding of user-input data, allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the SAP Supplier Relationship Management procurement automation application is related to errors in the encoding of user-input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 | EPSS 0.00262
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2019/10/09 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVSS 5.4 | AI score 6 | EPSS 0.0025
Exploits: 0 | References: 1

CNVD
added 2019/10/09 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34406)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVSS 5.4 | AI score 6 | EPSS 0.0025
Exploits: 0 | References: 1

CNVD
added 2019/10/09 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Reflective Cross-Site Scripting Vulnerability (CNVD-2019-34409)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A reflected cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2 and 4.3. The vulnerability stems from the product...

CVSS 5.4 | AI score 6.2 | EPSS 0.00387
Exploits: 0 | References: 1