Cross site scripting

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

Cross site scripting

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

PT-2022-4924 · Sap · Sap Enterprise Portal

Name of the Vulnerable Software and Affected Versions: SAP Enterprise Portal versions 7.10 through 7.50 Description: The issue is related to the lack of protection for the web page structure, allowing a remote attacker to view, add, modify, or delete data. This is due to insufficient encoding of...

CVE-2022-24395

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

Cross site scripting

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...

GitLab Access Control Error Vulnerability (CNVD-2020-19600)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions 7.10...

Path traversal

SAP NetWeaver UDDI Server Services Registry, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to...

SAP NetWeaver AS Java CVE-2019-0391 Information Disclosure Vulnerability

Description SAP NetWeaver AS Java is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. SAP NetWeaver AS Java versions 7.10, 7.20, 7.30, 7.31, 7.4 and 7.5 are vulnerable. Technologies Affect...

SalesAgility SuiteCRM SQL Injection Vulnerability

SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management CRM. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execut...

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

CVE-2018-2368

SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity...