CVE-2023-33985

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 33.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Enterprise Portal SAP Netweaver

Timeline

PublishedJun 13

Description

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_enterprise_portal7.50

▶NVDsap/netweaver7.50

🔴Vulnerability Details

GHSA

GHSA-m62j-6354-rhr8: SAP NetWeaver Enterprise Portal - version 7↗2023-06-13

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal↗2023-06-13

▶