Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting vulnerability in SAP Enable Now
Vulnerability Description
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SAP Enable Now 跨站脚本漏洞
Vulnerability Description
SAP Enable Now是德国思爱普(SAP)公司的一套协作内容创作、管理和共享平台。该平台主要用于SAP和非SAP系统的在线学习和培训等。 SAP Enable Now存在跨站脚本漏洞,该漏洞源于未实现 X-Content-Type-Options 响应标头,允许未经身份验证的攻击者触发 MIME 类型嗅探,从而导致跨站脚本,以下产品和版本受到影响:SAP Enable Now WPB_MANAGER 1.0、WPB_MANAGER_CE 10、WPB_MANAGER_HANA 10、ENABLE_
CVSS Information
N/A
Vulnerability Type
N/A