Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-33702

Опубликовано: 10 авг. 2021
Источник: nvd
CVSS3: 8.3
CVSS3: 6.1
CVSS2: 2.6
EPSS Низкий

Описание

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.00738
Низкий

8.3 High

CVSS3

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

github логотип

GHSA-2f44-722h-c7qc

github
больше 3 лет назад

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.

EPSS

Процентиль: 72%
0.00738
Низкий

8.3 High

CVSS3

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-79
CWE-79