CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1434 – XSS in AREAL SAS Topkapi Vision Webserv2
https://notcve.org/view.php?id=CVE-2025-1434
11 Mar 2025 — The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected. • https://www.areal-topkapi.com/en/topkapi/security-bulletins • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-48733
https://notcve.org/view.php?id=CVE-2024-48733
30 Oct 2024 — SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. La vulnerabilidad de inyección SQL en /SASStudio/sasexec/sessions/{sessionID}/sql en SAS Studio 9.4 permite a un atacante remoto ejecutar comandos SQL arbitrarios a través de la solicitud del cuerpo POST. SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arb... • http://sas.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48734
https://notcve.org/view.php?id=CVE-2024-48734
30 Oct 2024 — *Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. *La carga de archivos sin restricciones en /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} en SAS Studio 9.4 permite que atacantes remotos carguen archivos maliciosos. Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the v... • http://sas.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48735
https://notcve.org/view.php?id=CVE-2024-48735
30 Oct 2024 — Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. Directory Traversal en /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} en SAS Studio 9.4 permite a un atacante remoto acceder a archivos internos manipulando la ruta predeterminada durante la descarga de archivos. Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{In... • http://sas.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4932 – Reflected Cross-Site Scripting in SAS 9.4
https://notcve.org/view.php?id=CVE-2023-4932
12 Dec 2023 — SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. • https://cert.pl/en/posts/2023/12/CVE-2023-4932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24724
https://notcve.org/view.php?id=CVE-2023-24724
03 Apr 2023 — A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3. • https://medium.com/%40williamamorim256/stored-xss-vulnerability-discovered-in-sas-9-4-admin-console-5680e9e4062c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-25256
https://notcve.org/view.php?id=CVE-2022-25256
19 Feb 2022 — SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. • https://github.com/RobertDra/CVE-2022-25256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 62%CPEs: 3EXPL: 1CVE-2021-41569
https://notcve.org/view.php?id=CVE-2021-41569
19 Nov 2021 — SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieve... • https://support.sas.com/kb/68/641.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35475
https://notcve.org/view.php?id=CVE-2021-35475
25 Jun 2021 — SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. SAS Environment Manager versión 2.5, permite un ataque de tipo XSS mediante el campo Name cuando se crea y edita un servidor. El ataque de tipo XSS se producirá al editar las propiedades de configuración • https://github.com/saitamang/CVE-2021-35475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7667 – Arbitrary File Write via Archive Extraction (Zip Slip)
https://notcve.org/view.php?id=CVE-2020-7667
24 Jun 2020 — In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. En el paquete github.com/sassoftware/go-rpmutils/cpio anterior a la versión 0.1.0, la funcionalidad de extracción de CPIO, no sanea las rutas de los archivos archivados cond... • https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •