Cross site scripting

2023-08-0801:15:00

PRIOn knowledge base

www.prio-n.com

sap

netweaver

process integration

cross-site scripting

xss

user-controlled inputs

encoded

nvd

confidentiality

integrity

0.0005 Low

EPSS

Percentile

17.1%

JSON

In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.

CPENameOperatorVersion
netweaver_process_integrationeq7.50

CPE	Name	Operator	Version
	netweaver_process_integration	eq	7.50

References

me.sap.com/notes/3350494

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for PRION:CVE-2023-37488