How severe is CVE-2023-33991?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2023-33991?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2023-33991 - HIGH Severity | CVSS 8.2

Vulnerability Description

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.

Related Vulnerabilities

CVE-2016-8356

HIGH

CVSS:8.2(High)

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabiliti...

CWE-792016

CVE-2017-2683

HIGH

CVSS:8.2(High)

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining...

CWE-792017

CVE-2018-20850

HIGH

CVSS:8.2(High)

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

CWE-792018

CVE-2019-18426

HIGH

CVSS:8.2(High)

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnera...

CWE-792019

CVE-2020-14582

HIGH

CVSS:8.2(High)

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-14584

HIGH

CVSS:8.2(High)

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable ...

CWE-792020