CVE-2020-6313

Summary

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS JAVA (XML Forms)< 7.30affected
SAP SESAP NetWeaver AS JAVA (XML Forms)< 7.31affected
SAP SESAP NetWeaver AS JAVA (XML Forms)< 7.40affected
SAP SESAP NetWeaver AS JAVA (XML Forms)< 7.50affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References