Cross-Site Scripting Vulnerability in SAPUI5 and OpenUI5
CVE-2019-0281

6.1 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 10 July 2019

Summary

SAPUI5 and OpenUI5 versions prior to 1.38.39, 1.44.39, 1.52.25, 1.60.6, and 1.63.0 are susceptible to a Cross-Site Scripting vulnerability due to insufficient encoding of user-controlled inputs. This weakness may allow attackers to inject malicious scripts into web pages viewed by end-users, compromising the security of web applications based on these frameworks. It is essential for developers to update their versions and implement proper input handling to mitigate risks.

Affected Version(s)

OpenUI5 1.38.39

OpenUI5 1.44.39

OpenUI5 1.52.25

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
