CVE-2023-4932

SAS application is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in the program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a...

Cross site scripting

SAS application is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in the program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a...

CVE-2023-4932

The CVE-2023-4932 entry is supported by multiple connected sources confirming a Reflected Cross-Site Scripting (XSS) flaw in SAS Stored Process Web Application. Affected software: SAS 9.4_M7 and 9.4_M8. Root cause: improper input validation in the _program parameter of the /SASStoredProcess/do en...

CVE-2023-4932 Reflected Cross-Site Scripting in SAS 9.4

SAS application is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in the program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a...