
14 matches found

Prion
added 2024/02/13 2:15 a.m. | 17 views

Cross site scripting

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious...

CVSS 4 | AI score 6.2 | EPSS 0.00351
Exploits: 0 | References: 2

CVE
added 2024/02/13 2:2 a.m. | 46 views

CVE-2024-22128

CVE-2024-22128 affects SAP NWBC for HTML. The issue is insufficient encoding of user-controlled inputs in versions SAP_UI 754–758 and SAP_BASIS 700–702, 731, enabling unauthenticated attackers to inject malicious JavaScript and impact confidentiality and integrity of application data after exploi...

CVSS 6.1 | AI score 5.1 | EPSS 0.00351
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/02/13 2:2 a.m. | 22 views

CVE-2024-22128 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVSS 4.7 | AI score 5 | EPSS 0.00351
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/13 2:2 a.m. | 21 views

CVE-2024-22128 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVSS 4.7 | AI score 5.1 | EPSS 0.00351
Exploits: 0 | References: 2

NVD
added 2023/12/12 2:15 a.m. | 21 views

CVE-2023-49584

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4.3 | EPSS 0.00479
Exploits: 0 | References: 2

Prion
added 2023/12/12 2:15 a.m. | 19 views

Design/Logic Flaw

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4 | AI score 7.1 | EPSS 0.00479
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/12/12 1:35 a.m. | 48 views

CVE-2023-49584

CVE-2023-49584 affects SAP Fiori Launchpad components across multiple SAP_UI versions (750, 754–758), UI_700 200, and SAP_BASIS 793. The issue allows an attacker to issue HTTP POST requests against a read-only service, resulting in low confidentiality impact per the provided description. Root cau...

CVSS 4.3 | AI score 4.6 | EPSS 0.00479
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/09/12 2:0 a.m. | 72 views

CVE-2023-40624

SAP NetWeaver AS ABAP (Unified Rendering) is affected in SAP_UI 754–758 and SAP_BASIS 702, 731. The root cause is insufficient validation/escaping of user-supplied data, allowing an attacker to inject JavaScript that is executed in the web application. This can enable an attacker to influence the...

CVSS 5.5 | AI score 5.4 | EPSS 0.00346
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/06/13 2:49 a.m. | 58 views

CVE-2023-33991

CVE-2023-33991 affects SAP UI5 Variant Management (SAP_UI 750–757, UI_700 200). The vulnerability is a Stored XSS caused by insufficient encoding of user-controlled inputs when reading data from the server. The impact described across sources is high confidentiality impact with some information m...

CVSS 8.2 | AI score 7.5 | EPSS 0.00481
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/06/13 2:49 a.m. | 19 views

CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

CVSS 8.2 | AI score 7.5 | EPSS 0.00481
Exploits: 0 | References: 2

NVD
added 2023/05/09 2:15 a.m. | 18 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 | AI score 6.9 | EPSS 0.00438
Exploits: 0 | References: 2

Packet Storm
added 2022/06/21 12:0 a.m. | 571 views

SAP Fiori Launchpad Cross Site Scripting

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad. Impact on Business: Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...

CVSS 6.1 | AI score 0.4 | EPSS 0.01383
Exploits: 2

Prion
added 2021/06/09 2:15 p.m. | 18 views

Cross site scripting

SAP NetWeaver Application Server ABAP Applications based on Web Dynpro ABAP, versions - SAPUI - 750,752,753,754,755, SAPBASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVSS 3.5 | AI score 5.3 | EPSS 0.00473
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/06/09 1:32 p.m. | 52 views

CVE-2021-33664

CVE-2021-33664 affects SAP NetWeaver Application Server ABAP (Web Dynpro ABAP) with SAP_UI versions 750–755 and SAP_BASIS 702, 731, where user-controlled inputs are not sufficiently encoded, causing a Cross-Site Scripting (XSS) vulnerability. Connected records from SAP and security portals confir...

CVSS 5.4 | AI score 5.3 | EPSS 0.00473
Exploits: 0 | References: 2 | Affected Software: 1