CVE-2019-0281

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-0281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0281
Published
2019-07-10T19:15:10.080Z
Modified
2026-04-10T04:13:37.193601Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

References

Affected packages

Git / github.com/sap/openui5

Affected ranges

Type
GIT
Repo
https://github.com/sap/openui5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d951e900e01032f3598682c650170721e82c8b86
Introduced
da628845fb7a3522f01e736bd7532f51b4338473
Fixed
7401ca31df36dd35344850deb7ed1291b8641f84
Introduced
d1343cb71a2561737dac318b2e056c9d1b6f5f60
Fixed
216753c367d7ded92b868f7d72b60a77d6d1d43f
Introduced
693bf255a3a1791510f892b7631182bff7697023
Fixed
2fc293b50e07c0cf0dd7a7a7dddf535782e5f0ce
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.38.39"
        },
        {
            "introduced": "1.40.0"
        },
        {
            "fixed": "1.44.39"
        },
        {
            "introduced": "1.50.0"
        },
        {
            "fixed": "1.52.25"
        },
        {
            "introduced": "1.60.0"
        },
        {
            "fixed": "1.60.6"
        }
    ]
}

Affected versions

1.*
1.25-codesplit
1.25.0
1.26-codesplit
1.26.0
1.27.0
1.28-codesplit
1.28.0
1.29.0
1.30-codesplit
1.30.0
1.32-codesplit
1.32.0
1.34-codesplit
1.34.0
1.36-codesplit
1.36.0
1.38-codesplit
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.24
1.38.25
1.38.26
1.38.27
1.38.28
1.38.29
1.38.3
1.38.30
1.38.31
1.38.32
1.38.33
1.38.34
1.38.35
1.38.36
1.38.37
1.38.38
1.38.4
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9
1.40-codesplit
1.40.0
1.42-codesplit
1.42.0
1.44-codesplit
1.44.0
1.44.1
1.44.10
1.44.11
1.44.12
1.44.13
1.44.14
1.44.15
1.44.16
1.44.17
1.44.18
1.44.19
1.44.2
1.44.20
1.44.21
1.44.22
1.44.23
1.44.24
1.44.25
1.44.26
1.44.27
1.44.28
1.44.29
1.44.3
1.44.30
1.44.31
1.44.32
1.44.33
1.44.34
1.44.35
1.44.36
1.44.37
1.44.38
1.44.4
1.44.5
1.44.6
1.44.7
1.44.8
1.44.9
1.50-codesplit
1.50.0
1.52-codesplit
1.52.0
1.52.10
1.52.11
1.52.12
1.52.13
1.52.14
1.52.15
1.52.16
1.52.17
1.52.18
1.52.19
1.52.20
1.52.21
1.52.22
1.52.23
1.52.24
1.52.6
1.52.7
1.52.8
1.52.9
1.60-codesplit
1.60.0
xmake/stage-1.*
xmake/stage-1.38.12-1
xmake/stage-1.38.14-1
xmake/stage-1.38.3-1
xmake/stage-1.38.33-1
xmake/stage-1.38.37-1
xmake/stage-1.38.4-1
xmake/stage-1.44.19-1
xmake/stage-1.44.3-1
xmake/stage-1.52.22-1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0281.json"