PT-2024-4069 · Sap · Sap Nwbc For Html

Published: 2024-02-12 · Updated: 2026-02-25 · CVE-2024-22128

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SAP NWBC for HTML - versions SAP UI 754 through SAP UI 758
SAP NWBC for HTML - versions SAP BASIS 700 through SAP BASIS 702
SAP NWBC for HTML - version SAP BASIS 731
Description: The issue arises from insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript, causing limited impact to the confidentiality and integrity of the application data after successful exploitation. The vulnerability can be exploited by a remote attacker to conduct an XSS attack, potentially affecting the structure of web pages.
Recommendations: For SAP UI versions 754 through 758, update to a version that sufficiently encodes user-controlled inputs to prevent XSS attacks. For SAP BASIS versions 700 through 702, update to a version that sufficiently encodes user-controlled inputs to prevent XSS attacks. For SAP BASIS version 731, update to a version that sufficiently encodes user-controlled inputs to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-04516
CVE-2024-22128

Affected Products

Sap Nwbc For Html