cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-33007,https://securityvulnerability.io/vulnerability/CVE-2024-33007,SAP PDFViewer Vulnerability: Execution of Embedded JavaScript Can Cause Security Threats,"PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat.",SAP,SAPui5 (PDFviewer),3.5,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:44:05.434Z,0
CVE-2023-30743,https://securityvulnerability.io/vulnerability/CVE-2023-30743,Improper Neutralization of Input in SAPUI5,"Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

",SAP,SAPUI5,6.1,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2022-28770,https://securityvulnerability.io/vulnerability/CVE-2022-28770,,"Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAPui5 (vbm Library),6.1,MEDIUM,0.0009699999936856329,false,false,false,false,,false,false,2022-04-12T16:11:28.000Z,0
CVE-2021-33697,https://securityvulnerability.io/vulnerability/CVE-2021-33697,,"Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.",SAP,SAP Businessobjects Business Intelligence Platform (SAPui5),4.7,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2021-09-15T18:01:46.000Z,0
CVE-2019-0281,https://securityvulnerability.io/vulnerability/CVE-2019-0281,,"SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"Openui5,SAPui5",6.1,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2019-07-10T18:46:17.000Z,0