CVE-2024-30215 – Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
https://notcve.org/view.php?id=CVE-2024-30215
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. La página Resource Settings permite a un atacante con altos privilegios cargar un payload explotable para almacenarlo y reflejarlo cada vez que un usuario visita la página. En un ataque exitoso, se podría obtener y/o modificar cierta información. • https://me.sap.com/notes/3421453 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-30214 – Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
https://notcve.org/view.php?id=CVE-2024-30214
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side. La aplicación permite que un atacante con privilegios elevados agregue un parámetro de consulta GET malicioso a las invocaciones del Servicio, que se reflejan en la respuesta del servidor. En determinadas circunstancias, si el parámetro contiene JavaScript, el script podría procesarse en el lado del cliente. • https://me.sap.com/notes/3421453 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •