exploitDog

GHSA-wfxp-9533-q68r

Published: 08 Oct 2024
Source: github
Github: Not reviewed
CVSS3: 5.4

Description

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such a link, the confidentiality and integrity of their web browser session could be compromised.

EPSS

Percentile: 63%
0.00452
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 1 year ago

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such a link, the confidentiality and integrity of their web browser session could be compromised.

CVSS3: 5.4
fstec
more than 1 year ago

A vulnerability in the SAP NetWeaver Enterprise Portal software integration platform, related to a failure to preserve web page structure, that allows an attacker to conduct cross-site scripting attacks
