Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2021-08-10T14:08:12
Updated: 2024-08-03T23:58:22.503Z
Reserved: 2021-05-28T00:00:00
Link: CVE-2021-33702
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-10T15:15:07.943
Modified: 2024-11-21T06:09:24.243
Link: CVE-2021-33702
Redhat
No data.