CVE-2020-6323

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-15 02:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-6323

Mitre link : CVE-2020-6323

CVE.ORG link : CVE-2020-6323


JSON object : View

Products Affected

sap

  • netweaver_enterprise_portal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')