CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22529
https://notcve.org/view.php?id=CVE-2022-22529
14 Jan 2022 — SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. SAP Enterprise Threat Detection (ETD) - versión 2.0, no codifica suficientemente las e... • https://launchpad.support.sap.com/#/notes/3124597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6254
https://notcve.org/view.php?id=CVE-2020-6254
12 May 2020 — SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. SAP Enterprise Threat Detection, versiones 1.0, 2.0, no codifica suficientemente las páginas de respuesta error en caso de errores, permitiendo a una carga útil XSS reflejarse en la respuesta, conllevando a un ataque de tipo Cross Site Scripting reflejado. • https://launchpad.support.sap.com/#/notes/2913293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •