mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
998 B
998 B
CVE-2023-36918
&color=brighgreen)
Description
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
POC
Reference
Github
No PoCs found on GitHub currently.