SAP NetWeaver AS Cross-Site Scripting Vulnerability (CNVD-2023-40169)

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP (Business Server Pages) versions 700, 701, 702, 731, and 740. An attacker could use this vulnerability to inject malicious code to change a user’s current session and gain access to data.