Vulnerabilities > SAP > Biller Direct

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-42479 Cross-site Scripting vulnerability in SAP Biller Direct 635/750
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system.
network
low complexity
sap CWE-79
6.1
2022-11-08 CVE-2022-41207 Open Redirect vulnerability in SAP Biller Direct 635/750
SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL.
network
low complexity
sap CWE-601
6.1