Cross site scripting

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

CVE-2023-36919

The CVE-2023-36919 issue affects SAP Enable Now products: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The underlying root cause is the lack of an implemented Referrer-Policy header, leading to information disclosure by exposing referrer details to unauthe...

CVE-2023-36918

CVE-2023-36918 affects SAP Enable Now components WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10 and ENABLE_NOW_CONSUMP_DEL 1704. The root cause is absence of the X-Content-Type-Options response header, enabling MIME type sniffing and leading to Cross-Site Scripting that could disclose or...

CVE-2023-33988

CVE-2023-33988 affects SAP Enable Now components: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The vulnerability stems from the absence of implemented Content-Security-Policy and X-XSS-Protection headers, enabling an unauthenticated attacker to attempt ref...