Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
References
Configurations
No configuration.
History
No history.
Information
Published : 2025-06-10 01:15
Updated : 2025-06-12 16:06
NVD link : CVE-2025-42990
Mitre link : CVE-2025-42990
CVE.ORG link : CVE-2025-42990
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')