CVE-2023-4932: The SAS® Stored Process Web Application contains a cross-site scripting vulnerability

The SAS application is vulnerable to reflected cross-site scripting (XSS). Improper input validation in the _program parameter of the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable; the status of other versions is unknown. Hot fixes have been published for the versions mentioned above.
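The following is an added example, not code from SAS or from the advisory: a check that reviews web access logs for requests to the affected endpoint whose _program value contains markup characters, including double-encoded ones. It assumes the access log quotes the request line, and that legitimate stored-process paths never contain the characters in MARKUP; the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/SASStoredProcess/do"   # endpoint named in the advisory
PARAM = "_program"                  # parameter named in the advisory
# Assumption: legitimate stored-process paths never contain these characters.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic); the markers are inert text.
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Dec/2023:10:01:02 +0000] "GET /SASStoredProcess/do?_program=%2FProducts%2FSAS+Intelligence+Platform%2FSamples%2FSample%3A+Hello+World HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [12/Dec/2023:10:04:40 +0000] "GET /SASStoredProcess/do?_program=%3Cb%3Emarkup-test%3C%2Fb%3E HTTP/1.1" 200 731',
    '10.0.0.9 - bob [12/Dec/2023:10:05:11 +0000] "GET /SASStoredProcess/do?_program=%253Ci%253Emarkup-test%253C%252Fi%253E HTTP/1.1" 200 731',
    '10.0.0.7 - carol [12/Dec/2023:10:06:00 +0000] "GET /other/page?_program=%3Cb%3E HTTP/1.1" 404 120',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_program_values(log_lines):
    """Return (line_number, decoded_value) for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != ENDPOINT:
            continue  # only the endpoint from the advisory is in scope
        # parse_qsl decodes once; fully_decode handles extra encoding layers
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM and MARKUP.search(fully_decode(value)):
                hits.append((number, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_program_values(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

Parameters sent in a POST body do not appear in the request line, so this check only covers values carried in the URL.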
