PT-2025-32529 · Broadcom · Symantec Pgp Encryption

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A stored Cross-Site Scripting XSS vulnerability occurs when the server does not properly validate or encode user-provided data. Recommendations: At the moment, there is no information about a newer...

BIT-GITLAB-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

CVE-2024-5962

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2024-45278

SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...

CVE-2024-37174

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an...

CVE-2023-49577

The SAP HCM SMART PAYE solution - versions S4HCMCIE 100, SAPHRCIE 600, SAPHRCIE 604, SAPHRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and...

CVE-2023-33986

SAP CRM ABAP Grantor Management - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...

CVE-2023-33991

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

CVE-2022-22529

SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...

CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting XSS vulnerability leading to limited impact on...

CVE-2022-35172

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVE-2021-24857

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain...

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...

CVE-2020-6246

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTTABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVE-2020-6257

SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

CVE-2020-6216

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

CVE-2020-6370

SAP NetWeaver Design Time Repository DTR, versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...