Lucene search
+L

43 matches found

cnnvd
cnnvd
added 2023/05/09 12:0 a.m.5 views

SAP SAPUI5 跨站脚本漏洞

SAP SAPUI5 is a JavaScript application framework from SAP, Germany. A cross-site scripting vulnerability exists in SAP SAPUI5. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

7.1CVSS5.9AI score0.00438EPSS
Exploits0References4
nvd
nvd
added 2022/01/14 8:15 p.m.22 views

CVE-2022-22529

SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...

6.1CVSS0.00602EPSS
Exploits0References2
prion
prion
added 2022/01/14 8:15 p.m.18 views

Design/Logic Flaw

SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...

4.3CVSS5.9AI score0.00602EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2021/02/26 12:0 a.m.10 views

SAP UI5 Open Redirect Vulnerability

SAP UI5 is a Java script-based framework for designing multi-platform business applications. It supports a variety of data models and views for desktop and mobile applications. An open redirection vulnerability exists in SAP UI5 versions 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4...

6.1CVSS6.8AI score0.00816EPSS
Exploits0References1
nvd
nvd
added 2021/02/09 9:15 p.m.18 views

CVE-2021-21476

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS0.00816EPSS
Exploits0References2
osv
osv
added 2021/02/09 9:15 p.m.5 views

CVE-2021-21476

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS5.9AI score0.00816EPSS
Exploits0References2
prion
prion
added 2021/02/09 9:15 p.m.18 views

Design/Logic Flaw

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

5.8CVSS6.2AI score0.00816EPSS
Exploits0References2Affected Software1
cve
cve
added 2021/02/09 8:44 p.m.45 views

CVE-2021-21476

CVE-2021-21476 (SAP UI5) affects SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1. The vulnerability is described as an open redirect caused by Reverse Tabnabbing, allowing an unauthenticated attacker to redirect users to a malicious site. The connec...

6.1CVSS6.3AI score0.00816EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/02/09 8:44 p.m.26 views

CVE-2021-21476

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

4.7CVSS6.5AI score0.00816EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/02/09 12:0 a.m.11 views

SAP UI5 输入验证错误漏洞

SAP UI5 is a Java script-based framework for designing multi-platform business applications. It supports a variety of data models and views for desktop and mobile applications. An open redirection vulnerability exists in SAP UI5 versions 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4...

6.1CVSS6.2AI score0.00816EPSS
Exploits0References3
github
github
added 2021/01/29 8:51 p.m.51 views

Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

7.8CVSS0.2AI score0.00988EPSS
Exploits0References7Affected Software1
vulnersosv
vulnersosv
added 2020/01/08 11:33 a.m.8 views

@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)

devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...

9.8CVSS7.2AI score0.03453EPSS
Exploits0
nvd
nvd
added 2019/11/13 11:15 p.m.28 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

5.3CVSS5.2AI score0.00727EPSS
Exploits0References2
prion
prion
added 2019/11/13 11:15 p.m.20 views

Design/Logic Flaw

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

5CVSS5.2AI score0.00727EPSS
Exploits0References2Affected Software1
cve
cve
added 2019/11/13 10:17 p.m.53 views

CVE-2019-0388

CVE-2019-0388 affects the SAP UI5 HTTP Handler and is due to insufficient URL validation, enabling an attacker to manipulate content. The vulnerability is addressed by fixes in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 v2.0. Exploitation details are not provided in the connected ...

5.3CVSS5.2AI score0.00727EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/11/13 10:17 p.m.32 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

5.3AI score0.00727EPSS
Exploits0References2
prion
prion
added 2018/06/12 3:29 p.m.20 views

Design/Logic Flaw

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...

5CVSS7.5AI score0.02396EPSS
Exploits0References3Affected Software4
nvd
nvd
added 2018/06/12 3:29 p.m.11 views

CVE-2018-2424

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...

9.8CVSS9.6AI score0.02396EPSS
Exploits0References3
osv
osv
added 2018/06/12 3:29 p.m.5 views

CVE-2018-2424

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 Java 7.30, 7.31, 7.40...

7.5CVSS5.8AI score0.02396EPSS
Exploits0References3
nvd
nvd
added 2018/06/12 3:29 p.m.23 views

CVE-2018-2428

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00...

5.3CVSS5.2AI score0.01759EPSS
Exploits0References3
Rows per page
Query Builder