CVE-2023-30743 HIGH

CVE-2023-30743: Improper Neutralization of Input in SAPUI5

Vendor Sap_Se
Product SAPUI5
Weakness CWE-79 · XSS
Published May 9, 2023
Last update January 28, 2025
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

Key dates

02Disclosure timeline

May 9, 2023 CVE published
January 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-6526 Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-0683 Essential Addons for Elementor Lite <= 5.0.8 Reflected Cross-Site Scripting CVE-2026-24784 DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer CVE-2024-56263 WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-5837 AlexanderLivanov FotosCMS2 Cookie profile.php cross site scripting