SAP NetWeaver Knowledge Management XMLEditor Vulnerable to Cross-Site Scripting (XSS)

CVE-2024-34685

6.1MEDIUM

Key Information

Vendor: SAP
Status: SAP Netweaver Knowledge Management Xmleditor
Vendor: CVE Published:; 9 July 2024

Summary

Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.

Affected Version(s)

SAP NetWeaver Knowledge Management XMLEditor = KMC-WPC 7.50

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Jul 9, 2024
Vulnerability Reserved.
May 7, 2024

Collectors

NVD DatabaseMitre Database