CVE-2023-26457 (content_server)

SAP Content Server – version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.

Related Stories

CVE-2023-27135

CVE-2023-27578 (galaxy)

CVE-2023-27586 (cairosvg)

You may have missed

Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC High

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law

CIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools Roundtable