CVE-2020-6323

Summary

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Enterprise Portal (Fiori Framework Page)< 7.50affected
SAP SESAP NetWeaver Enterprise Portal (Fiori Framework Page)< 7.31affected
SAP SESAP NetWeaver Enterprise Portal (Fiori Framework Page)< 7.40affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References