CVE-2024-44120 - Cross-site Scripting in SE SAP NetWeaver Enterprise Portal
Severity
4.7 MEDIUM (NVD)
EPSS
0.6%
top 30.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 10
Description
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross-site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user into clicking it. If the victim clicks on this crafted URL before it times out, the attacker could read and manipulate user content in the browser.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.6 | Impact: 2.7