PT-2023-3746 · Sap · Sap Ui5 Variant Management

Published: 2023-06-13 · Updated: 2023-06-20 · CVE-2023-33991

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

SAP UI5 Variant Management versions SAP UI 750 through SAP UI 757, UI 700 200

Description

The issue is caused by insufficient encoding of user-controlled inputs when reading data from the server, resulting in a Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user-level access can have a high impact on confidentiality, modify some information, and make the application unavailable at the user level.

Recommendations

For SAP UI5 Variant Management versions SAP UI 750 through SAP UI 757, and UI 700 200, there is currently no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-04034
CVE-2023-33991

Affected Products

Sap Ui5 Variant Management