CVE-2020-6313

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-09 13:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-6313

Mitre link : CVE-2020-6313

CVE.ORG link : CVE-2020-6313


JSON object : View

Products Affected

sap

  • netweaver_application_server_java
CWE
CWE-116

Improper Encoding or Escaping of Output

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')