Page 2 of 10 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado, por medio de diferentes parámetros URL ya que no codifica suficientemente las entradas controladas por usuario. • https://launchpad.support.sap.com/#/notes/2872752 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2872545 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP (aplicación CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2900374 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, permite a un atacante redireccionar a usuarios hacia un sitio malicioso debido a una comprobación insuficiente de la URL y al robo de credenciales de la víctima, conllevando a una vulnerabilidad de Redirección de URL. • http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html http://seclists.org/fulldisclosure/2023/Oct/13 https://launchpad.support.sap.com/#/notes/2872782 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), versiones de SAP_BASIS 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; no codifica suficientemente las entradas controladas por el usuario, permitiendo a un atacante no autenticado desfigurar de forma no permanente o modificar el contenido mostrado y/o robar información de autenticación del usuario y/o suplantar al usuario y acceder a toda la información con los mismos derechos que el usuario objeto del ataque, conllevando a una Vulnerabilidad de tipo Cross Site Scripting Reflejado. • https://launchpad.support.sap.com/#/notes/2884910 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •