Vulnerabilities > SAP > UI > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-33991 Cross-site Scripting vulnerability in SAP UI
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability.
network
low complexity
sap CWE-79
8.2
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5