Stored Cross-Site Scripting Vulnerability in SAP Enable Now
CVE-2022-35297
5.4 MEDIUM
What is CVE-2022-35297?
SAP Enable Now has a vulnerability arising from inadequate encoding of user-controlled inputs during network transmission. This flaw allows attackers to manipulate the content delivered to other users, leading to a Stored Cross-Site Scripting (XSS) scenario. The unfiltered data can be leveraged to execute malicious scripts in the context of an unsuspecting user’s session, potentially compromising the confidentiality, integrity, and availability of affected systems. Organizations using SAP Enable Now should prioritize the implementation of proper input encoding practices to mitigate this risk.
Affected Version(s)
SAP Enable Now 10