CVE-2022-28770

CVE-2022-28770

Vendor Sap Se
Product SAPUI5 (vbm library)
Weakness CWE-79 · XSS
Published April 12, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

April 12, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-46939 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-48493 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-48352 WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability CVE-2026-1908 Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2024-41943 I, Librarian Stored XSS vulnerability in Item Summary