CVE-2023-33991— SAP Variant Management 跨站脚本漏洞

Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

SAP Variant Management 跨站脚本漏洞

SAP Variant Management是德国思爱普（SAP）公司的用于存储用户为智能筛选栏创建的设置和为智能表格创建的设置的平台。 SAP Variant Management存在跨站脚本漏洞，该漏洞源于存在存储型跨站脚本（XSS）漏洞。受影响的产品和版本：SAP UI5 Variant Management SAP_UI 750版本,754版本,755版本,756版本,757版本, UI_700 200版本。

N/A

N/A