CVE-2022-25256
CVE-2022-25256 affects SAS Web Report Studio 4.4. The flaw is an XSS in /SASWebReportStudio/logonAndRender.do mediated by two parameters, saspfs_request_backlabel_list and saspfs_request_backurl_list. The second parameter can route to a malicious page and can execute JavaScript via a javascript: ...