CVE-2020-6313

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

History

21 Nov 2024, 05:35

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/2953112 - Permissions Required () https://launchpad.support.sap.com/#/notes/2953112 - Permissions Required
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 - Vendor Advisory

Information

Published : 2020-09-09 13:15

Updated : 2024-11-21 05:35


NVD link : CVE-2020-6313

Mitre link : CVE-2020-6313

CVE.ORG link : CVE-2020-6313


JSON object : View

Products Affected

sap

  • netweaver_application_server_java
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output