SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVE-2019-0369

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability...

CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

CVE-2019-0368

SAP Customer Relationship Management Email Management, versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability...

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

CVE-2019-0361

SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

PT-2019-4588 · Sap · Sap Basis

Name of the Vulnerable Software and Affected Versions: SAP Basis versions 7.31, 7.4, 7.5 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited by a remote attacker to perform cross-site...

CVE-2019-0275

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting XSS vulnerability...

CVE-2019-0254

SAP Disclosure Management before version 10.1 Stack 1301 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0251

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

SAP Commerce Cross-Site Scripting Vulnerability

SAP Commerce is a suite of e-commerce solutions from SAP Germany. The product includes components for product content management, experience management, personalization and order management. A cross-site scripting vulnerability exists in SAP Commerce versions prior to 6.7, which arises from a...

SAP CRM WebClient UI Cross-Site Scripting Vulnerability (CNVD-2019-04862)

SAP CRM Customer Relationship Management is a set of German SAP SAP company's customer relationship management solutions. The program includes sales management, marketing management, customer service systems and other modules. SAPSCORE, S4FND and WEBCUIF are among the Web client interface...

SAP CRM WebClient UI Cross-Site Scripting Vulnerability

SAP CRM Customer Relationship Management is a set of German SAP SAP customer relationship management solutions. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of the Web client interface. A cross-site scripting...

CVE-2019-0244

SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0245

SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2018-2486

SAP Marketing UICUAN 1.20, 1.30, 1.40, SAPSCORE 1.13, 1.14 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP, which features report generation, analytics, data visualization, and more. A cross-site scripting vulnerability in SAP BusinessObjects Business...

CVE-2018-2479

SAP BusinessObjects Business Intelligence Platform BIWorkspace, versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...