VYPR

UI5

by SAP

CVEs (2)

  • CVE-2018-2424CriJun 12, 2018
    risk 0.64cvss 9.8epss 0.02

    SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5…

  • CVE-2021-21476Feb 9, 2021
    risk 0.00cvss epss 0.01

    SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.