Vulnerability Details CVE-2019-0281
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/109077
- https://launchpad.support.sap.com/#/notes/2756539
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
- http://www.securityfocus.com/bid/109077
- https://launchpad.support.sap.com/#/notes/2756539
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
Products affected by CVE-2019-0281
-
cpe:2.3:a:sap:openui5:1.25.0
-
cpe:2.3:a:sap:openui5:1.26.0
-
cpe:2.3:a:sap:openui5:1.26.1
-
cpe:2.3:a:sap:openui5:1.26.10
-
cpe:2.3:a:sap:openui5:1.26.11
-
cpe:2.3:a:sap:openui5:1.26.12
-
cpe:2.3:a:sap:openui5:1.26.13
-
cpe:2.3:a:sap:openui5:1.26.14
-
cpe:2.3:a:sap:openui5:1.26.15
-
cpe:2.3:a:sap:openui5:1.26.16
-
cpe:2.3:a:sap:openui5:1.26.2
-
cpe:2.3:a:sap:openui5:1.26.3
-
cpe:2.3:a:sap:openui5:1.26.4
-
cpe:2.3:a:sap:openui5:1.26.5
-
cpe:2.3:a:sap:openui5:1.26.6
-
cpe:2.3:a:sap:openui5:1.26.7
-
cpe:2.3:a:sap:openui5:1.26.8
-
cpe:2.3:a:sap:openui5:1.26.9
-
cpe:2.3:a:sap:openui5:1.27.0
-
cpe:2.3:a:sap:openui5:1.28.0
-
cpe:2.3:a:sap:openui5:1.28.1
-
cpe:2.3:a:sap:openui5:1.28.10
-
cpe:2.3:a:sap:openui5:1.28.11
-
cpe:2.3:a:sap:openui5:1.28.12
-
cpe:2.3:a:sap:openui5:1.28.13
-
cpe:2.3:a:sap:openui5:1.28.14
-
cpe:2.3:a:sap:openui5:1.28.15
-
cpe:2.3:a:sap:openui5:1.28.16
-
cpe:2.3:a:sap:openui5:1.28.17
-
cpe:2.3:a:sap:openui5:1.28.18
-
cpe:2.3:a:sap:openui5:1.28.19
-
cpe:2.3:a:sap:openui5:1.28.2
-
cpe:2.3:a:sap:openui5:1.28.20
-
cpe:2.3:a:sap:openui5:1.28.21
-
cpe:2.3:a:sap:openui5:1.28.22
-
cpe:2.3:a:sap:openui5:1.28.23
-
cpe:2.3:a:sap:openui5:1.28.24
-
cpe:2.3:a:sap:openui5:1.28.25
-
cpe:2.3:a:sap:openui5:1.28.26
-
cpe:2.3:a:sap:openui5:1.28.27
-
cpe:2.3:a:sap:openui5:1.28.28
-
cpe:2.3:a:sap:openui5:1.28.29
-
cpe:2.3:a:sap:openui5:1.28.3
-
cpe:2.3:a:sap:openui5:1.28.30
-
cpe:2.3:a:sap:openui5:1.28.31
-
cpe:2.3:a:sap:openui5:1.28.32
-
cpe:2.3:a:sap:openui5:1.28.33
-
cpe:2.3:a:sap:openui5:1.28.34
-
cpe:2.3:a:sap:openui5:1.28.35
-
cpe:2.3:a:sap:openui5:1.28.36
-
cpe:2.3:a:sap:openui5:1.28.37
-
cpe:2.3:a:sap:openui5:1.28.38
-
cpe:2.3:a:sap:openui5:1.28.39
-
cpe:2.3:a:sap:openui5:1.28.4
-
cpe:2.3:a:sap:openui5:1.28.40
-
cpe:2.3:a:sap:openui5:1.28.41
-
cpe:2.3:a:sap:openui5:1.28.42
-
cpe:2.3:a:sap:openui5:1.28.43
-
cpe:2.3:a:sap:openui5:1.28.44
-
cpe:2.3:a:sap:openui5:1.28.45
-
cpe:2.3:a:sap:openui5:1.28.46
-
cpe:2.3:a:sap:openui5:1.28.47
-
cpe:2.3:a:sap:openui5:1.28.48
-
cpe:2.3:a:sap:openui5:1.28.49
-
cpe:2.3:a:sap:openui5:1.28.5
-
cpe:2.3:a:sap:openui5:1.28.50
-
cpe:2.3:a:sap:openui5:1.28.51
-
cpe:2.3:a:sap:openui5:1.28.52
-
cpe:2.3:a:sap:openui5:1.28.6
-
cpe:2.3:a:sap:openui5:1.28.7
-
cpe:2.3:a:sap:openui5:1.28.8
-
cpe:2.3:a:sap:openui5:1.28.9
-
cpe:2.3:a:sap:openui5:1.29.0
-
cpe:2.3:a:sap:openui5:1.30.0
-
cpe:2.3:a:sap:openui5:1.30.1
-
cpe:2.3:a:sap:openui5:1.30.10
-
cpe:2.3:a:sap:openui5:1.30.11
-
cpe:2.3:a:sap:openui5:1.30.2
-
cpe:2.3:a:sap:openui5:1.30.3
-
cpe:2.3:a:sap:openui5:1.30.4
-
cpe:2.3:a:sap:openui5:1.30.5
-
cpe:2.3:a:sap:openui5:1.30.6
-
cpe:2.3:a:sap:openui5:1.30.7
-
cpe:2.3:a:sap:openui5:1.30.8
-
cpe:2.3:a:sap:openui5:1.30.9
-
cpe:2.3:a:sap:openui5:1.32.0
-
cpe:2.3:a:sap:openui5:1.32.1
-
cpe:2.3:a:sap:openui5:1.32.10
-
cpe:2.3:a:sap:openui5:1.32.11
-
cpe:2.3:a:sap:openui5:1.32.12
-
cpe:2.3:a:sap:openui5:1.32.13
-
cpe:2.3:a:sap:openui5:1.32.14
-
cpe:2.3:a:sap:openui5:1.32.15
-
cpe:2.3:a:sap:openui5:1.32.16
-
cpe:2.3:a:sap:openui5:1.32.17
-
cpe:2.3:a:sap:openui5:1.32.2
-
cpe:2.3:a:sap:openui5:1.32.3
-
cpe:2.3:a:sap:openui5:1.32.4
-
cpe:2.3:a:sap:openui5:1.32.5
-
cpe:2.3:a:sap:openui5:1.32.6
-
cpe:2.3:a:sap:openui5:1.32.7
-
cpe:2.3:a:sap:openui5:1.32.8
-
cpe:2.3:a:sap:openui5:1.32.9
-
cpe:2.3:a:sap:openui5:1.34.0
-
cpe:2.3:a:sap:openui5:1.34.1
-
cpe:2.3:a:sap:openui5:1.34.10
-
cpe:2.3:a:sap:openui5:1.34.11
-
cpe:2.3:a:sap:openui5:1.34.12
-
cpe:2.3:a:sap:openui5:1.34.2
-
cpe:2.3:a:sap:openui5:1.34.3
-
cpe:2.3:a:sap:openui5:1.34.4
-
cpe:2.3:a:sap:openui5:1.34.5
-
cpe:2.3:a:sap:openui5:1.34.6
-
cpe:2.3:a:sap:openui5:1.34.7
-
cpe:2.3:a:sap:openui5:1.34.8
-
cpe:2.3:a:sap:openui5:1.34.9
-
cpe:2.3:a:sap:openui5:1.36.0
-
cpe:2.3:a:sap:openui5:1.36.1
-
cpe:2.3:a:sap:openui5:1.36.10
-
cpe:2.3:a:sap:openui5:1.36.11
-
cpe:2.3:a:sap:openui5:1.36.12
-
cpe:2.3:a:sap:openui5:1.36.13
-
cpe:2.3:a:sap:openui5:1.36.14
-
cpe:2.3:a:sap:openui5:1.36.15
-
cpe:2.3:a:sap:openui5:1.36.16
-
cpe:2.3:a:sap:openui5:1.36.2
-
cpe:2.3:a:sap:openui5:1.36.3
-
cpe:2.3:a:sap:openui5:1.36.4
-
cpe:2.3:a:sap:openui5:1.36.5
-
cpe:2.3:a:sap:openui5:1.36.6
-
cpe:2.3:a:sap:openui5:1.36.7
-
cpe:2.3:a:sap:openui5:1.36.8
-
cpe:2.3:a:sap:openui5:1.36.9
-
cpe:2.3:a:sap:openui5:1.38.0
-
cpe:2.3:a:sap:openui5:1.38.1
-
cpe:2.3:a:sap:openui5:1.38.10
-
cpe:2.3:a:sap:openui5:1.38.11
-
cpe:2.3:a:sap:openui5:1.38.12
-
cpe:2.3:a:sap:openui5:1.38.13
-
cpe:2.3:a:sap:openui5:1.38.14
-
cpe:2.3:a:sap:openui5:1.38.15
-
cpe:2.3:a:sap:openui5:1.38.16
-
cpe:2.3:a:sap:openui5:1.38.17
-
cpe:2.3:a:sap:openui5:1.38.18
-
cpe:2.3:a:sap:openui5:1.38.19
-
cpe:2.3:a:sap:openui5:1.38.2
-
cpe:2.3:a:sap:openui5:1.38.20
-
cpe:2.3:a:sap:openui5:1.38.21
-
cpe:2.3:a:sap:openui5:1.38.22
-
cpe:2.3:a:sap:openui5:1.38.23
-
cpe:2.3:a:sap:openui5:1.38.24
-
cpe:2.3:a:sap:openui5:1.38.25
-
cpe:2.3:a:sap:openui5:1.38.26
-
cpe:2.3:a:sap:openui5:1.38.27
-
cpe:2.3:a:sap:openui5:1.38.28
-
cpe:2.3:a:sap:openui5:1.38.29
-
cpe:2.3:a:sap:openui5:1.38.3
-
cpe:2.3:a:sap:openui5:1.38.30
-
cpe:2.3:a:sap:openui5:1.38.31
-
cpe:2.3:a:sap:openui5:1.38.32
-
cpe:2.3:a:sap:openui5:1.38.33
-
cpe:2.3:a:sap:openui5:1.38.34
-
cpe:2.3:a:sap:openui5:1.38.35
-
cpe:2.3:a:sap:openui5:1.38.36
-
cpe:2.3:a:sap:openui5:1.38.37
-
cpe:2.3:a:sap:openui5:1.38.38
-
cpe:2.3:a:sap:openui5:1.38.4
-
cpe:2.3:a:sap:openui5:1.38.5
-
cpe:2.3:a:sap:openui5:1.38.6
-
cpe:2.3:a:sap:openui5:1.38.7
-
cpe:2.3:a:sap:openui5:1.38.8
-
cpe:2.3:a:sap:openui5:1.38.9
-
cpe:2.3:a:sap:openui5:1.40.0
-
cpe:2.3:a:sap:openui5:1.40.1
-
cpe:2.3:a:sap:openui5:1.40.10
-
cpe:2.3:a:sap:openui5:1.40.11
-
cpe:2.3:a:sap:openui5:1.40.12
-
cpe:2.3:a:sap:openui5:1.40.13
-
cpe:2.3:a:sap:openui5:1.40.14
-
cpe:2.3:a:sap:openui5:1.40.15
-
cpe:2.3:a:sap:openui5:1.40.16
-
cpe:2.3:a:sap:openui5:1.40.17
-
cpe:2.3:a:sap:openui5:1.40.18
-
cpe:2.3:a:sap:openui5:1.40.2
-
cpe:2.3:a:sap:openui5:1.40.3
-
cpe:2.3:a:sap:openui5:1.40.4
-
cpe:2.3:a:sap:openui5:1.40.5
-
cpe:2.3:a:sap:openui5:1.40.6
-
cpe:2.3:a:sap:openui5:1.40.7
-
cpe:2.3:a:sap:openui5:1.40.8
-
cpe:2.3:a:sap:openui5:1.40.9
-
cpe:2.3:a:sap:openui5:1.42.0
-
cpe:2.3:a:sap:openui5:1.42.1
-
cpe:2.3:a:sap:openui5:1.42.2
-
cpe:2.3:a:sap:openui5:1.42.3
-
cpe:2.3:a:sap:openui5:1.42.4
-
cpe:2.3:a:sap:openui5:1.42.5
-
cpe:2.3:a:sap:openui5:1.42.6
-
cpe:2.3:a:sap:openui5:1.42.7
-
cpe:2.3:a:sap:openui5:1.42.8
-
cpe:2.3:a:sap:openui5:1.42.9
-
cpe:2.3:a:sap:openui5:1.44.0
-
cpe:2.3:a:sap:openui5:1.44.1
-
cpe:2.3:a:sap:openui5:1.44.10
-
cpe:2.3:a:sap:openui5:1.44.11
-
cpe:2.3:a:sap:openui5:1.44.12
-
cpe:2.3:a:sap:openui5:1.44.13
-
cpe:2.3:a:sap:openui5:1.44.14
-
cpe:2.3:a:sap:openui5:1.44.15
-
cpe:2.3:a:sap:openui5:1.44.16
-
cpe:2.3:a:sap:openui5:1.44.17
-
cpe:2.3:a:sap:openui5:1.44.18
-
cpe:2.3:a:sap:openui5:1.44.19
-
cpe:2.3:a:sap:openui5:1.44.2
-
cpe:2.3:a:sap:openui5:1.44.20
-
cpe:2.3:a:sap:openui5:1.44.21
-
cpe:2.3:a:sap:openui5:1.44.22
-
cpe:2.3:a:sap:openui5:1.44.23
-
cpe:2.3:a:sap:openui5:1.44.24
-
cpe:2.3:a:sap:openui5:1.44.25
-
cpe:2.3:a:sap:openui5:1.44.26
-
cpe:2.3:a:sap:openui5:1.44.27
-
cpe:2.3:a:sap:openui5:1.44.28
-
cpe:2.3:a:sap:openui5:1.44.29
-
cpe:2.3:a:sap:openui5:1.44.3
-
cpe:2.3:a:sap:openui5:1.44.30
-
cpe:2.3:a:sap:openui5:1.44.31
-
cpe:2.3:a:sap:openui5:1.44.32
-
cpe:2.3:a:sap:openui5:1.44.33
-
cpe:2.3:a:sap:openui5:1.44.34
-
cpe:2.3:a:sap:openui5:1.44.35
-
cpe:2.3:a:sap:openui5:1.44.36
-
cpe:2.3:a:sap:openui5:1.44.37
-
cpe:2.3:a:sap:openui5:1.44.38
-
cpe:2.3:a:sap:openui5:1.44.4
-
cpe:2.3:a:sap:openui5:1.44.5
-
cpe:2.3:a:sap:openui5:1.44.6
-
cpe:2.3:a:sap:openui5:1.44.7
-
cpe:2.3:a:sap:openui5:1.44.8
-
cpe:2.3:a:sap:openui5:1.44.9
-
cpe:2.3:a:sap:openui5:1.50.0
-
cpe:2.3:a:sap:openui5:1.50.1
-
cpe:2.3:a:sap:openui5:1.50.2
-
cpe:2.3:a:sap:openui5:1.50.3
-
cpe:2.3:a:sap:openui5:1.50.4
-
cpe:2.3:a:sap:openui5:1.50.5
-
cpe:2.3:a:sap:openui5:1.50.6
-
cpe:2.3:a:sap:openui5:1.50.7
-
cpe:2.3:a:sap:openui5:1.50.8
-
cpe:2.3:a:sap:openui5:1.50.9
-
cpe:2.3:a:sap:openui5:1.52.0
-
cpe:2.3:a:sap:openui5:1.52.1
-
cpe:2.3:a:sap:openui5:1.52.10
-
cpe:2.3:a:sap:openui5:1.52.11
-
cpe:2.3:a:sap:openui5:1.52.12
-
cpe:2.3:a:sap:openui5:1.52.13
-
cpe:2.3:a:sap:openui5:1.52.14
-
cpe:2.3:a:sap:openui5:1.52.15
-
cpe:2.3:a:sap:openui5:1.52.16
-
cpe:2.3:a:sap:openui5:1.52.17
-
cpe:2.3:a:sap:openui5:1.52.18
-
cpe:2.3:a:sap:openui5:1.52.19
-
cpe:2.3:a:sap:openui5:1.52.2
-
cpe:2.3:a:sap:openui5:1.52.20
-
cpe:2.3:a:sap:openui5:1.52.21
-
cpe:2.3:a:sap:openui5:1.52.22
-
cpe:2.3:a:sap:openui5:1.52.23
-
cpe:2.3:a:sap:openui5:1.52.24
-
cpe:2.3:a:sap:openui5:1.52.3
-
cpe:2.3:a:sap:openui5:1.52.4
-
cpe:2.3:a:sap:openui5:1.52.5
-
cpe:2.3:a:sap:openui5:1.52.6
-
cpe:2.3:a:sap:openui5:1.52.7
-
cpe:2.3:a:sap:openui5:1.52.8
-
cpe:2.3:a:sap:openui5:1.52.9
-
cpe:2.3:a:sap:openui5:1.60.0
-
cpe:2.3:a:sap:openui5:1.60.1
-
cpe:2.3:a:sap:openui5:1.60.2
-
cpe:2.3:a:sap:openui5:1.60.3
-
cpe:2.3:a:sap:openui5:1.60.4
-
cpe:2.3:a:sap:openui5:1.60.5