SAP NetWeaver AS Java Multiple XSS (2953112)

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple cross-site scripting vulnerabilities, as follows: - SAP NetWeaver Application Server JAVA XML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an...

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

The vulnerability of the Business Process Manager system allows a perpetrator to circumvent existing access restrictions and execute arbitrary Java scripts.

The vulnerability of the REST API interface of the Business Process Manager system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and execute arbitrary Java scripts using a specially crafted API request...