CVE-2022-35297
published 2022-10-11CVE-2022-35297: The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | enable_now | — | — |
| sap_se | sap_enable_now | — | — |