CVE-2019-0385

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Enable NOW SAP Enable NOW

Timeline

PublishedNov 13

Latest updateMay 24

Description

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages2 packages

▶NVDsap/enable_now< 1908

▶CVEListV5sap_se/sap_enable_now< 1908

🔴Vulnerability Details

GHSA

GHSA-6mp7-qvw5-r9h4: SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability↗2022-05-24

▶

CVEList

CVE-2019-0385: SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability↗2019-11-13

▶