CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6323

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://launchpad.support.sap.com/#/notes/2960329
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://launchpad.support.sap.com/#/notes/2960329
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Products affected by CVE-2020-6323

Sap » Netweaver Enterprise Portal » Version: 7.31

cpe:2.3:a:sap:netweaver_enterprise_portal:7.31
Sap » Netweaver Enterprise Portal » Version: 7.40

cpe:2.3:a:sap:netweaver_enterprise_portal:7.40
Sap » Netweaver Enterprise Portal » Version: 7.50

cpe:2.3:a:sap:netweaver_enterprise_portal:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6323

Products

Pricing

Contact Us