CVE-2023-4932
SAS application is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in the program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a...