The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.

Related CVEs

CVE-2022-35297

Key Information

GHSA ID

GHSA-8f87-pmx7-ffqx

Published

October 12, 2022 12:00 PM

Last Modified

October 12, 2022 7:00 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 25, 2025 8:18 PM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.