CVE-2020-6326
Severity
5.4MEDIUM
EPSS
0.3%
top 45.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedSep 9
Latest updateMay 24
Description
SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7