43 matches found
SAP SAPUI5 跨站脚本漏洞
SAP SAPUI5 is a JavaScript application framework from SAP, Germany. A cross-site scripting vulnerability exists in SAP SAPUI5. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
CVE-2022-22529
SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...
Design/Logic Flaw
SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...
SAP UI5 Open Redirect Vulnerability
SAP UI5 is a Java script-based framework for designing multi-platform business applications. It supports a variety of data models and views for desktop and mobile applications. An open redirection vulnerability exists in SAP UI5 versions 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4...
CVE-2021-21476
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-21476
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
Design/Logic Flaw
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-21476
CVE-2021-21476 (SAP UI5) affects SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1. The vulnerability is described as an open redirect caused by Reverse Tabnabbing, allowing an unauthenticated attacker to redirect users to a malicious site. The connec...
CVE-2021-21476
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
SAP UI5 输入验证错误漏洞
SAP UI5 is a Java script-based framework for designing multi-platform business applications. It supports a variety of data models and views for desktop and mobile applications. An open redirection vulnerability exists in SAP UI5 versions 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4...
Processing untrusted theming resources might execute arbitrary code (ACE)
Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...
CVE-2019-0388
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...
Design/Logic Flaw
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...
CVE-2019-0388
CVE-2019-0388 affects the SAP UI5 HTTP Handler and is due to insufficient URL validation, enabling an attacker to manipulate content. The vulnerability is addressed by fixes in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 v2.0. Exploitation details are not provided in the connected ...
CVE-2019-0388
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...
Design/Logic Flaw
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...
CVE-2018-2428
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...