CVE-2026-34258
- EPSS 0.01%
- Published 12.05.2026 02:19:41
- Last modified 12.05.2026 14:19:41
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered...
CVE-2025-42873
- EPSS 0.05%
- Published 09.12.2025 02:14:07
- Last modified 15.04.2026 00:35:42
SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinit...
- EPSS 0.14%
- Published 10.06.2025 00:12:33
- Last modified 15.04.2026 00:35:42
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker-controlled URL. This issue could impact the integrity of the application. Confide...
CVE-2023-30743
- EPSS 0.17%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:00:48
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the applica...