CVE-2023-29112 Information

Description

The SAP Application Interface (Message Monitoring) - versions 600 700 allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations an attacker can cause limited impact on the confidentiality and integrity of the application.

Reference

https://launchpad.support.sap.com/#/notes/3114489 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html