CVE-2020-6213Cross-site Scripting in SE SAP Netweaver AS Abap

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 58.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver AS Abap Business Server Pages
Timeline
PublishedApr 24
Latest updateMay 24

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDsap/netweaver_as_abap_business11 versions+10
CVEListV5sap_se/sap_netweaver_as_abap< 700+10

🔴Vulnerability Details

2
GHSA
GHSA-3cxp-7r2h-jh9g: SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulner2022-05-24
CVEList
CVE-2020-6213: SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulner2020-04-24
CVE-2020-6213 — Cross-site Scripting | cvebase