Описание
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
Ссылки
- Permissions Required
- PatchVendor Advisory
- Permissions Required
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sap:cloud_connector:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00156
Низкий
5.9 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
github
больше 3 лет назад
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
EPSS
Процентиль: 37%
0.00156
Низкий
5.9 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79