
10 matches found

Cvelist
added 2025/12/09 2:14 a.m. · 28 views

CVE-2025-42873 Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9 · EPSS 0.00055
Exploits: 0 · References: 2
Vulnrichment
added 2025/12/09 2:14 a.m. · 2 views

CVE-2025-42873 Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9 · AI score 6.7 · EPSS 0.00055
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-25052 · Sap · Sapui5

Name of the Vulnerable Software and Affected Versions: SAPUI5 affected versions not specified Description: The issue concerns the execution of embedded JavaScript in PDF documents by the PDFViewer control in SAPUI5. If a PDF contains harmful client-side scripts, including JavaScript, the PDFViewe...

CVSS 3.5 · AI score 7.2 · EPSS 0.00137
Exploits: 0 · References: 3
ATTACKERKB
added 2024/02/13 2:15 a.m. · 0 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVSS 6.1 · AI score 5.4 · EPSS 0.01258
Exploits: 0 · References: 3
OSV
added 2023/09/12 3:15 a.m. · 1 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 2
OSV
added 2023/06/13 3:15 a.m. · 1 views

CVE-2023-33991

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

CVSS 8.2 · AI score 7.3
Exploits: 0 · References: 2
CNNVD
added 2023/06/13 12:0 a.m. · 3 views

SAP Variant Management cross-site scripting vulnerability

SAP Variant Management is a platform from SAP, Germany, for storing user-created settings for Smart Filter Fields and settings created for Smart Forms. A cross-site scripting vulnerability exists in SAP Variant Management that stems from the presence of a stored cross-site scripting XSS...

CVSS 8.2 · AI score 7.3 · EPSS 0.00274
Exploits: 0 · References: 4
NCSC
added 2023/06/13 12:0 a.m. · 5 views

Vulnerabilities fixed in SAP

SAP has fixed vulnerabilities in several products, including NetWeaver, CRM and SAPUI5. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), bypassing authentication, SQL Injection. SAP has...

CVSS 8.2 · AI score 7 · EPSS 0.00547
Exploits: 0
OSV
added 2019/11/13 11:15 p.m. · 1 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

CVSS 5.3 · AI score 6.8 · EPSS 0.00247
Exploits: 0 · References: 2
OSV
added 2018/06/12 3:29 p.m. · 1 views

CVE-2018-2428

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...

CVSS 5.3 · AI score 5.8 · EPSS 0.00213
Exploits: 0 · References: 3