Cross-Site Scripting Vulnerability in SAP Enterprise Portal
CVE-2022-35224
6.1MEDIUM
What is CVE-2022-35224?
SAP Enterprise Portal versions prior to 7.50 are impacted by an XSS vulnerability due to insufficient encoding of user-controlled inputs. This flaw can lead to the execution of malicious scripts, allowing attackers to compromise user sessions or manipulate portal content, potentially affecting the confidentiality and integrity of user interactions within the portal. Users interacting with the portal are at risk, as exploitation of this vulnerability could allow attackers to deface or alter visible content temporarily, undermining the security of the portal.
Affected Version(s)
SAP Enterprise Portal 7.10
SAP Enterprise Portal 7.11
SAP Enterprise Portal 7.20