CVE-2022-35297

Summary

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Enable Now10affected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References