cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47594,https://securityvulnerability.io/vulnerability/CVE-2024-47594,SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability,"SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.",SAP,SAP Netweaver Enterprise Portal (kmc),5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-08T03:21:40.168Z,0
CVE-2022-35298,https://securityvulnerability.io/vulnerability/CVE-2022-35298,Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal by SAP,"SAP NetWeaver Enterprise Portal (KMC) version 7.50 presents a vulnerability that fails to adequately encode user input, making it prone to Cross-Site Scripting (XSS) attacks. This flaw allows attackers to craft malicious scripts that, when executed by users within the portal, could jeopardize the confidentiality and integrity of their web browser sessions. Such a security lapse emphasizes the necessity for proper input encoding to safeguard against unauthorized script execution.",SAP,SAP Netweaver Enterprise Portal (kmc),6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-09-13T15:43:36.000Z,0