Vulnerabilities > SAS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-4932 | Cross-site Scripting vulnerability in SAS Integration Technologies 9.4 SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). | 5.4 |
| 2023-04-03 | CVE-2023-24724 | Cross-site Scripting vulnerability in SAS web Administration Interface 9.4 A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. | 5.4 |
| 2022-02-19 | CVE-2022-25256 | Cross-site Scripting vulnerability in SAS web Report Studio 4.4 SAS Web Report Studio 4.4 allows XSS. | 6.1 |
| 2021-06-25 | CVE-2021-35475 | Cross-site Scripting vulnerability in SAS Environment Manager 2.5 SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. | 5.4 |
| 2020-02-23 | CVE-2020-9350 | Cross-site Scripting vulnerability in SAS Visual Analytics 8.5 Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | 5.4 |
| 2019-01-17 | CVE-2015-9281 | Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4 Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 6.1 |