CVE-2020-6323Cross-site Scripting in SE SAP Netweaver Enterprise Portal

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 41.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver Enterprise PortalSAP Netweaver Enterprise Portal
Timeline
PublishedOct 15
Latest updateMay 24

Description

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDsap/netweaver_enterprise_portal7.31, 7.40, 7.50+2

🔴Vulnerability Details

2
GHSA
GHSA-p38h-pwx6-7hwx: SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 72022-05-24
CVEList
CVE-2020-6323: SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 72020-10-15
CVE-2020-6323 — Cross-site Scripting | cvebase