CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35224
https://notcve.org/view.php?id=CVE-2022-35224
12 Jul 2022 — SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session. SAP Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficienteme... • https://launchpad.support.sap.com/#/notes/3210779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10701 – SAP Enterprise Portal 7.50 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-10701
28 Sep 2017 — Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en SAP Enterprise Portal 7.50 permite que atacantes remotos inyecten scripts web o HTML arbitrarios. Esta vulnerabilidad también se puede consultar en SAP Security Notes 2469860, 2471209 y 2488516. SAP Enterprise Portal versions 7.50 and below suffer from a cross site ... • http://www.securityfocus.com/bid/100786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •