Vulnerability Details CVE-2023-42479
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-42479
-
cpe:2.3:a:sap:biller_direct:635
-
cpe:2.3:a:sap:biller_direct:750