CVE-2020-6303

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 46.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Disclosure ManagementSAP Disclosure Management
Timeline
PublishedJan 14
Latest updateMay 24

Description

SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-fp4g-4qqr-365q: SAP Disclosure Management, before version 102022-05-24
CVEList
CVE-2020-6303: SAP Disclosure Management, before version 102020-01-14
CVE-2020-6303 (MEDIUM CVSS 5.4) | SAP Disclosure Management | cvebase.io