|
631
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-23031
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionar…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-23030
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
- |
|
-
|
-
|
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vuln…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0061
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
- |
|
-
|
-
|
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to …
New
|
CWE-94
Code Injection
|
CVE-2025-0060
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
- |
|
-
|
-
|
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or acces…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0059
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
- |
|
-
|
-
|
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwis…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-0058
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
- |
|
-
|
-
|
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim v…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-0057
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
- |
|
-
|
-
|
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim?s user directory on the Operating System level would be abl…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0056
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
- |
|
-
|
-
|
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim?s user directory on t…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0055
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
- |
|
-
|
-
|
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could …
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-0053
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
