CVE-2023-33984

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.5%

top 32.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (design Time Repository)SAP Netweaver

Timeline

PublishedJun 13

Description

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_(design_time_repository)7.50

▶NVDsap/netweaver7.50

🔴Vulnerability Details

GHSA

GHSA-98rj-9x2h-22g5: SAP NetWeaver (Design Time Repository) - version 7↗2023-06-13

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)↗2023-06-13

▶