SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2020-10-15T01:45:27
Updated: 2024-08-04T08:55:22.480Z
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6323
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-15T02:15:12.657
Modified: 2024-11-21T05:35:30.527
Link: CVE-2020-6323
Redhat
No data.