Export limit exceeded: 46618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46618 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2466 | 1 Sap | 1 Data Services | 2024-11-21 | N/A |
| In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2018-2444 | 1 Sap | 1 Businessobjects Financial Consolidation | 2024-11-21 | N/A |
| SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | N/A |
| SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2432 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. | ||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
| SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A |
| SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | ||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | N/A |
| Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | ||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A |
| In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | ||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-11-21 | N/A |
| The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | N/A |
| SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-11-21 | N/A |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2021 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.1 Medium |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345. | ||||
| CVE-2018-2004 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A |
| IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006. | ||||
| CVE-2018-25097 | 1 Acumos | 1 Design Studio | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. | ||||