Cross site scripting

2022-03-1017:46:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

33.7%

JSON

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CPENameOperatorVersion
netweaver_enterprise_portaleq7.31
netweaver_enterprise_portaleq7.11
netweaver_enterprise_portaleq7.20
netweaver_enterprise_portaleq7.30
netweaver_enterprise_portaleq7.40
netweaver_enterprise_portaleq7.50
netweaver_enterprise_portaleq7.10

Name	Operator	Version
netweaver_enterprise_portal	eq	7.31
netweaver_enterprise_portal	eq	7.11
netweaver_enterprise_portal	eq	7.20
netweaver_enterprise_portal	eq	7.30
netweaver_enterprise_portal	eq	7.40
netweaver_enterprise_portal	eq	7.50
netweaver_enterprise_portal	eq	7.10

References

dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

launchpad.support.sap.com/

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for PRION:CVE-2022-24395