CVE-2025-42973
- EPSS 0.04%
- Veröffentlicht 08.07.2025 00:37:10
- Zuletzt bearbeitet 08.07.2025 16:18:14
Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected an...
CVE-2025-26662
- EPSS 0.05%
- Veröffentlicht 13.05.2025 00:09:05
- Zuletzt bearbeitet 13.05.2025 19:35:25
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets exec...
CVE-2022-35226
- EPSS 0.81%
- Veröffentlicht 11.10.2022 21:15:12
- Zuletzt bearbeitet 21.11.2024 07:10:55
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to...
CVE-2018-2466
- EPSS 0.4%
- Veröffentlicht 09.10.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:03:51
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.