CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37178 – Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
https://notcve.org/view.php?id=CVE-2024-37178
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application. SAP Financial Consolidation no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). • https://me.sap.com/notes/3457592 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37177 – Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
https://notcve.org/view.php?id=CVE-2024-37177
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application. SAP Financial Consolidation permite que los datos ingresen a una aplicación web a través de una fuente que no es de confianza. Estos endpoints están expuestos a través de la red y permiten al usuario modificar el contenido del sitio web. • https://me.sap.com/notes/3457592 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •