Описание
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
Уязвимость программной интеграционной платформы SAP NetWeaver Enterprise Portal, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю выполнить произвольный код
EPSS
6.1 Medium
CVSS3