CVE-2024-30215Cross-site Scripting in SE SAP Business Connector

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 64.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Connector
Timeline
PublishedApr 9

Description

The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP Business Connector2024-04-09
GHSA
GHSA-6m86-m75c-rj5c: The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page2024-04-09
CVE-2024-30215 — Cross-site Scripting | cvebase