CVE Record: CVE-2020-6323

Required CVE Record Information

Description

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

Product Status

Learn more

Versions 3 Total

Default Status: unknown

affected

References 2 Total

https://launchpad.support.sap.com/#/notes/2960329
external site
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://launchpad.support.sap.com/#/notes/2960329
external site
x_transferred
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: SAP SE

Description

Product Status

References 2 Total

CVE Program

References 2 Total