Cross site scripting

2021-06-0914:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

22.9%

JSON

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CPENameOperatorVersion
netweaver_application_server_abapeq31
netweaver_application_server_abapeq702
netweaver_application_server_abapeq750
netweaver_application_server_abapeq752
netweaver_application_server_abapeq753
netweaver_application_server_abapeq754
netweaver_application_server_abapeq755

Name	Operator	Version
netweaver_application_server_abap	eq	31
netweaver_application_server_abap	eq	702
netweaver_application_server_abap	eq	750
netweaver_application_server_abap	eq	752
netweaver_application_server_abap	eq	753
netweaver_application_server_abap	eq	754
netweaver_application_server_abap	eq	755

References

launchpad.support.sap.com/

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for PRION:CVE-2021-33664