Lucene search
China National Vulnerability DatabaseCNVD-2024-13534HistoryMar 14, 2024 - 12:00 a.m.
SAP NetWeaver AS Cross-Site Scripting Vulnerability (CNVD-2024-13534)
2024-03-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
sap
netweaver
cross-site scripting
vulnerability
cnvd-2024-13534
web script
html
sap gui
abap
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP, which stems from insufficiently coded user-controlled input in SAP GUI for HTML-based applications, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sap sap netweaver as | eq | 7.89 | |
| sap sap netweaver as | eq | 7.93 |
Related
nvd
nvd
CVE-2024-27902
2024-03-12 01:15:50
cvelist
cvelist
cve
cve
CVE-2024-27902
2024-03-12 01:15:50
prion
prion
Cross site scripting
2024-03-12 01:15:00
nessus
nessus
SAP NetWeaver AS ABAP XSS (March 2024)
2024-03-13 00:00:00