Unrated severityNVD Advisory· Published Sep 9, 2020· Updated Aug 4, 2024
CVE-2020-6313
CVE-2020-6313
Description
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
Affected products
2- Range: 7.30, 7.31, 7.40, 7.50
- SAP SE/SAP NetWeaver AS JAVA (XML Forms)v5Range: < 7.30
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.