CVE-2024-34685 — Cross-site Scripting in SE SAP Netweaver Knowledge Management Xmleditor

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 25.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Knowledge Management Xmleditor SAP Netweaver Knowledge Management AND Collaboration

Timeline

PublishedJul 9

Description

Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_knowledge_management_xmleditorKMC-WPC 7.50

▶NVDsap/netweaver_knowledge_management_and_collaboration7.50

🔴Vulnerability Details

CVEList

[CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor↗2024-07-09

▶

GHSA

GHSA-pqx8-wq5m-gqxx: Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the ap↗2024-07-09

▶