Cross site scripting

2020-04-1419:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

36.3%

JSON

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CPENameOperatorVersion
netweaver_as_abap_business_server_pageseq700
netweaver_as_abap_business_server_pageseq701
netweaver_as_abap_business_server_pageseq702
netweaver_as_abap_business_server_pageseq710
netweaver_as_abap_business_server_pageseq711
netweaver_as_abap_business_server_pageseq730
netweaver_as_abap_business_server_pageseq731
netweaver_as_abap_business_server_pageseq740
netweaver_as_abap_business_server_pageseq750
netweaver_as_abap_business_server_pageseq751

Name	Operator	Version
netweaver_as_abap_business_server_pages	eq	700
netweaver_as_abap_business_server_pages	eq	701
netweaver_as_abap_business_server_pages	eq	702
netweaver_as_abap_business_server_pages	eq	710
netweaver_as_abap_business_server_pages	eq	711
netweaver_as_abap_business_server_pages	eq	730
netweaver_as_abap_business_server_pages	eq	731
netweaver_as_abap_business_server_pages	eq	740
netweaver_as_abap_business_server_pages	eq	750
netweaver_as_abap_business_server_pages	eq	751