Описание
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00666
Низкий
8.3 High
CVSS3
6.1 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
EPSS
Процентиль: 71%
0.00666
Низкий
8.3 High
CVSS3
6.1 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79
CWE-79