CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35225
https://notcve.org/view.php?id=CVE-2022-35225
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario a través de la red, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado, cambiando así el alcance del ataque. Esto conlleva a un impacto limitado en la confidencialidad e integridad de los datos • https://launchpad.support.sap.com/#/notes/3208880 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35227
https://notcve.org/view.php?id=CVE-2022-35227
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session. Una vulnerabilidad en SAP NW EP (WPC) - versiones 7.30, 7.31, 7.40, 7.50, que no comprueba suficientemente la entrada controlada por el usuario, permite a un atacante remoto conducir un ataque de tipo Cross-Site scripting (XSS). Una explotación con éxito podría permitir al atacante ejecutar código de script arbitrario que podría conllevar a el robo o la modificación de la información de autenticación del usuario, como los datos relativos a su sesión actual • https://launchpad.support.sap.com/#/notes/3211760 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35172
https://notcve.org/view.php?id=CVE-2022-35172
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado • https://launchpad.support.sap.com/#/notes/3207902 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35170
https://notcve.org/view.php?id=CVE-2022-35170
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario a través de la red, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado, cambiando así el alcance del ataque. Esto conlleva a un impacto limitado en la confidencialidad e integridad de los datos • https://launchpad.support.sap.com/#/notes/3208819 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-32247
https://notcve.org/view.php?id=CVE-2022-32247
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de ejecución de scripts por parte de un atacante no autenticado debido a un saneo inapropiado de las entradas del usuario mientras interactúa en la red. Si es explotado con éxito, un atacante puede visualizaro modificar información causando un impacto limitado en la confidencialidad e integridad de la aplicación • https://launchpad.support.sap.com/#/notes/3209557 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •