SAP GUI for HTML in SAP NetWeaver AS ABAP vulnerable to Cross-Site Scripting (XSS)
CVE-2024-27902
6.1MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 March 2024
What is CVE-2024-27902?
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system
Affected Version(s)
SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI) 7.89
SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI) 7.93