SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.
References
Configurations
No configuration.
History
10 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Oct 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-08 04:15
Updated : 2024-10-10 12:57
NVD link : CVE-2024-47594
Mitre link : CVE-2024-47594
CVE.ORG link : CVE-2024-47594
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')