CVE-2023-27499

Severity
6.1 MEDIUM
EPSS
0.6%
top 31.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 11, 2023

Description

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim into clicking it; the script supplied by the attacker then executes in the victim's browser. Information in the victim's browser session can be read and sent to the attacker or modified.
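The root cause class named above is insufficient output encoding: a value taken from the request URL is written back into the HTML response verbatim. The following is an added illustration, not SAP's code and not the actual affected parameter or page; the page path `/greet`, the parameter name `user` and the template are assumptions. It shows the vulnerable render beside its hardened form and a crude check that makes the difference observable.

```javascript
// Added illustration of insufficient output encoding leading to reflected XSS.
// NOT SAP's code: the host, the /greet page and the `user` parameter are assumed.

// Minimal HTML entity encoder for the five characters that matter when text is
// placed inside an HTML element body or a quoted attribute value.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the query parameter is copied into the response without encoding,
// so markup supplied in the URL becomes markup in the page.
function renderGreetingUnsafe(requestUrl) {
  const user = new URL(requestUrl).searchParams.get("user") || "";
  return `<html><body><h1>Welcome ${user}</h1></body></html>`;
}

// Hardened: the same page, with the parameter HTML-encoded before it is placed
// in the element body. The browser now renders the payload as literal text.
function renderGreetingSafe(requestUrl) {
  const user = new URL(requestUrl).searchParams.get("user") || "";
  return `<html><body><h1>Welcome ${htmlEncode(user)}</h1></body></html>`;
}

// Crude detector used here only to make the difference visible: does the
// response contain a <script> element or an on* event-handler attribute that
// the template itself never emits? A real browser is the authoritative judge.
function containsInjectedScript(html) {
  return /<script\b|<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed example of the "malicious URL" the description refers to.
const craftedUrl =
  "https://app.example.invalid/greet?user=" +
  encodeURIComponent('<img src=x onerror="alert(document.cookie)">');

console.log("unsafe render reflects payload:", containsInjectedScript(renderGreetingUnsafe(craftedUrl)));
console.log("safe render reflects payload:  ", containsInjectedScript(renderGreetingSafe(craftedUrl)));
console.log(renderGreetingSafe(craftedUrl));
```

Encoding must match the output context: the encoder above is correct for element bodies and quoted attributes, but a value placed inside a `<script>` block, a URL, or CSS needs a context-specific encoder instead.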

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

CVEListV5: sap_se/gui_for_html (13 versions)
NVD: sap/netweaver 7.22ext
NVD: sap/netweaver_application (10 versions)

Vulnerability Details

GHSA: GHSA-mqmw-59rf-wv9g: SAP GUI for HTML - versions KERNEL 7 (2023-04-11)
CVEList: Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML (2023-04-11)
CVE-2023-27499 (MEDIUM CVSS 6.1) | SAP GUI for HTML - versions KERNEL | cvebase.io