CVE-2020-6323
MEDIUM
SAP NetWeaver Enterprise Portal 7.50, 7.40, 7.31 - XSS
Title source: llm
Description
SAP NetWeaver Enterprise Portal (Fiori Framework Page), versions 7.50, 7.31 and 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that is both reflected immediately and persisted and returned on further access to the system, resulting in Cross-Site Scripting.
References (2)
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2960329
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Scores
CVSS v3
6.1
EPSS
0.0036
EPSS Percentile
58.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
sap/netweaver_enterprise_portal
7.31
sap/netweaver_enterprise_portal
7.40
sap/netweaver_enterprise_portal
7.50
Published
Oct 15, 2020
Tracked Since
Feb 18, 2026