Lucene search
SapCVELIST:CVE-2021-33674HistorySep 14, 2021 - 11:24 a.m.
CVE-2021-33674
2021-09-1411:24:33
sap
www.cve.org
3
sap
contact center
xss
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
40.8%
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim’s browser.
CNA Affected
[
{
"product": "SAP Contact Center",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 700"
}
]
}
]Related
cnvd
cnvd
SAP Contact Center Cross-Site Scripting Vulnerability
2021-09-17 00:00:00
prion
prion
Cross site scripting
2021-09-14 12:15:00
cve
cve
CVE-2021-33674
2021-09-14 12:15:08
nvd
nvd
CVE-2021-33674
2021-09-14 12:15:08
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
40.8%
Related for CVELIST:CVE-2021-33674