Unrated severityNVD Advisory· Published Aug 10, 2021· Updated Aug 3, 2024
CVE-2021-33703
CVE-2021-33703
Description
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 7.30, 7.31, 7.40, 7.50
- SAP SE/SAP NetWeaver Enterprise Portal (Application Extensions)v5Range: < 7.30
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2022/Jan/71mitremailing-listx_refsource_FULLDISC
- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.