15 matches found
CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
EUVD-2025-201854
SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...
Malicious code in sap.ui.layout (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-22128
SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...
SAP NetWeaver Business Client for HTML Cross-Site Scripting Vulnerability
SAP NetWeaver Business Client for HTML SAP NWBC for HTML is a lightweight browser-based version of NWBC from SAP, Germany. SAP NetWeaver Business Client for HTML SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731 versions have a security...
CVE-2023-40624
SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...
PT-2023-22947 · Sap · Sapui5
Name of the Vulnerable Software and Affected Versions: SAPUI5 versions SAP UI 750, SAP UI 754, SAP UI 755, SAP UI 756, SAP UI 757, UI 700 200 Description: The issue arises from improper neutralization of input in SAPUI5, allowing the injection of untrusted CSS through the sap.m.FormattedText SAPU...
CVE-2018-2434
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver UIInfra, 1.0, SAP UI Implementation for Decoupled Innovations UI700, 2.0: SAP NetWeaver 7.00 Implementation,...
CVE-2018-2434
CVE-2018-2434 describes a content-spoofing vulnerability in SAP UI components (UI_Infra 1.0, UI_700 2.0; SAP_UI 7.4/7.5/7.51/7.52) used with SAP NetWeaver 7.00. The issue allows rendering HTML pages containing arbitrary plain text content, potentially misleading end users, but does not allow embe...
CVE-2018-2428
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...
Design/Logic Flaw
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...
Design/Logic Flaw
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...
CVE-2018-2428
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...