CVE-2019-0281

Summary

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SEOpenUI51.38.39affected
SAP SEOpenUI51.44.39affected
SAP SEOpenUI51.52.25affected
SAP SEOpenUI51.60.6affected
SAP SEOpenUI51.63.0affected
SAP SESAPUI51.38.39affected
SAP SESAPUI51.44.39affected
SAP SESAPUI51.52.25affected
SAP SESAPUI51.60.6affected
SAP SESAPUI51.63.0affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References