1 results (0.001 seconds)
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28770
https://notcve.org/view.php?id=CVE-2022-28770
12 Apr 2022 — Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. Debido a una insuficiente comprobación de entrada, la biblioteca SAPUI5(vbm) - versiones 750, 753, 754, 755, 75, permite a un atacante no autenticado inyectar un script en la URL y ejec... • https://launchpad.support.sap.com/#/notes/3126557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •