PT-2019-4590 · Sap · Openui5+1

Published: 2019-07-09 · Updated: 2019-07-18 · CVE-2019-0281

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAPUI5 versions prior to 1.38.39
SAPUI5 versions prior to 1.44.39
SAPUI5 versions prior to 1.52.25
SAPUI5 versions prior to 1.60.6
SAPUI5 versions prior to 1.63.0
OpenUI5 versions prior to 1.38.39
OpenUI5 versions prior to 1.44.39
OpenUI5 versions prior to 1.52.25
OpenUI5 versions prior to 1.60.6
OpenUI5 versions prior to 1.63.0

Description

The issue arises from insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations

For SAPUI5 versions prior to 1.38.39, update to version 1.38.39 or later.
For SAPUI5 versions prior to 1.44.39, update to version 1.44.39 or later.
For SAPUI5 versions prior to 1.52.25, update to version 1.52.25 or later.
For SAPUI5 versions prior to 1.60.6, update to version 1.60.6 or later.
For SAPUI5 versions prior to 1.63.0, update to version 1.63.0 or later.
For OpenUI5 versions prior to 1.38.39, update to version 1.38.39 or later.
For OpenUI5 versions prior to 1.44.39, update to version 1.44.39 or later.
For OpenUI5 versions prior to 1.52.25, update to version 1.52.25 or later.
For OpenUI5 versions prior to 1.60.6, update to version 1.60.6 or later.
For OpenUI5 versions prior to 1.63.0, update to version 1.63.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-00650
CVE-2019-0281

Affected Products

Openui5
Sapui5