1 results (0.012 seconds)
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29112 – Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)
https://notcve.org/view.php?id=CVE-2023-29112
11 Apr 2023 — The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3114489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •