SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
6.1CVSS
5.9AI Score
0.001EPSS
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. *.less files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execu...
7.8CVSS
7.5AI Score
0.001EPSS