Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2021-08-10T14:08:12

Updated: 2024-08-03T23:58:22.503Z

Reserved: 2021-05-28T00:00:00

Link: CVE-2021-33702

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-10T15:15:07.943

Modified: 2024-11-21T06:09:24.243

Link: CVE-2021-33702

cve-icon Redhat

No data.