CVE-2023-30743

Summary

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAPUI5SAP_UI 750affected
SAP_SESAPUI5SAP_UI 754affected
SAP_SESAPUI5SAP_UI 755affected
SAP_SESAPUI5SAP_UI 756affected
SAP_SESAPUI5SAP_UI 757affected
SAP_SESAPUI5UI_700 200affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References