CVE-2022-35297 - AskarLabs CVE Database

CVE-2022-35297

Vendor Sap Se

Product SAP Enable Now

Weakness CWE-79 · XSS

Published October 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.

Key dates

02Disclosure timeline

October 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-35297

Related vulnerabilities

04Related CVE

CVE-2021-24233 Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS) CVE-2025-11928 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin CVE-2025-64827 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-52489 WordPress Add Chat App Button plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability