CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/02/13 2:42 a.m.•26 views

CVE-2024-24742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

4.1CVSS6.1AI score0.00329EPSS

CVE•added 2024/02/13 2:42 a.m.•52 views

CVE-2024-24742

SAP CRM WebClient UI (versions S4FND 102–106; WEBCUIF 701–801) contains an XSS vulnerability due to insufficient encoding of user-controlled inputs. The issue affects the integrity of application data with low-privilege exploitation and has no impact on confidentiality or availability as describe...

4.1CVSS4.3AI score0.00329EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/02/13 2:29 a.m.•13 views

CVE-2024-22130 Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled...

7.6CVSS7AI score0.00323EPSS

Cvelist•added 2024/02/13 2:29 a.m.•18 views

CVE-2024-22130 Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

7.6CVSS7.2AI score0.00323EPSS

CVE•added 2024/02/13 2:29 a.m.•52 views

CVE-2024-22130

The CVE-2024-22130 entry applies to SAP CRM WebClient UI, affecting SAP CRM WebClient UI versions S4FND 102–108 and WEBCUIF 700–801. The root cause is insufficient encoding of user-controlled inputs in the Print preview option, leading to a Cross‑Site Scripting (XSS) vulnerability. An attacker wi...

7.6CVSS6.9AI score0.00323EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/02/13 12:0 a.m.•2 views

SAP CRM WebClient UI Cross-Site Scripting Vulnerability

SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM WebClient UI S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, A cross-site scripting vulnerability exists in WEBCUIF 746, WEBCU IF 747,...

7.6CVSS6AI score0.00323EPSS

Exploits0References3

Spring Engineering•added 2024/02/13 12:0 a.m.•9 views

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

7.2AI score

Exploits0

Positive Technologies•added 2024/02/12 12:0 a.m.•1 views

PT-2024-4084

Name of the Vulnerable Software and Affected Versions SAP CRM WebClient UI versions S4FND 102 through S4FND 108 SAP CRM WebClient UI versions WEBCUIF 700 through WEBCUIF 801 Description The print preview option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting...

7.6CVSS7AI score0.00323EPSS

Exploits0References11

Spring Engineering•added 2024/02/07 12:0 a.m.•13 views

This Week in Spring - February 6th

Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! in last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC 1 Billion Row Challenge...

7.2AI score

Exploits0

OSV•added 2023/12/04 11:13 p.m.•28 views

GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

9.8CVSS9.3AI score0.02358EPSS

Exploits1References4

OSV•added 2023/09/25 7:15 p.m.•6 views

CVE-2023-43319

Cross Site Scripting XSS vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

ATTACKERKB•added 2023/09/25 7:15 p.m.•3 views

CVE-2023-43319

NVD•added 2023/09/25 7:15 p.m.•18 views

Exploits0References3

CVE-2023-43319

Prion•added 2023/09/25 7:15 p.m.•14 views

Cross site scripting

5.8CVSS6AI score0.00429EPSS

Exploits0References1Affected Software1

CNNVD•added 2023/09/25 12:0 a.m.•3 views

IceWarp WebClient Cross-Site Scripting Vulnerability

Icewarp IceWarp WebClient is a web-based mail service client from the Czech company Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient version 10.3.5, which originates from a cross-site scripting XSS vulnerability in the login page, allowing an attacker to execute arbitrary...

6.1CVSS5.6AI score0.00429EPSS

CVE•added 2023/09/25 12:0 a.m.•52 views

CVE-2023-43319

IceWarp WebClient 10.3.5 Sign-In page is vulnerable to Cross-Site Scripting (XSS) via the username parameter. Attackers can inject crafted payloads to execute arbitrary web scripts/HTML in the victim’s browser. Documents confirm the affected component and the vulnerability vector, but do not prov...

Exploits0References1Affected Software1

Vulnrichment•added 2023/09/25 12:0 a.m.•9 views

CVE-2023-43319

6AI score0.00429EPSS

Cvelist•added 2023/09/25 12:0 a.m.•15 views

CVE-2023-43319

6.1AI score0.00429EPSS