Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal by SAP
CVE-2020-6323
6.1MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 15 October 2020
What is CVE-2020-6323?
The vulnerability in SAP NetWeaver Enterprise Portal allows attackers to exploit insufficient user-input encoding. By leveraging a valid user session, an adversary can inject XSS payloads that are both immediately reflected and persistently stored. This enables unauthorized scripts to execute in the context of a user's session, posing significant security risks as the injected scripts can access sensitive user information and perform actions on behalf of the user.
Affected Version(s)
SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.50 < 7.50
SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.31 < 7.31
SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.40 < 7.40