Unrated severityNVD Advisory· Published Oct 15, 2020· Updated Aug 4, 2024
CVE-2020-6323
CVE-2020-6323
Description
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
Affected products
2- Range: 7.50, 7.31, 7.40
- SAP SE/SAP NetWeaver Enterprise Portal (Fiori Framework Page)v5Range: < 7.50
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.