Vulnerabilities > SAP > Manufacturing Execution > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-27615 Cross-site Scripting vulnerability in SAP Manufacturing Execution
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response.
network
low complexity
sap CWE-79
5.4
2021-04-13 CVE-2021-27600 Cross-site Scripting vulnerability in SAP Manufacturing Execution
SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4