VYPR
Unrated severityNVD Advisory· Published Dec 9, 2020· Updated Aug 4, 2024

CVE-2020-26835

CVE-2020-26835

Description

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Affected products

2
  • Range: 740, 750, 751, 752, 753, 754
  • SAP SE/SAP NetWeaver AS ABAPv5
    Range: < 740

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.