CVE-2020-6326
MEDIUM
SAP NetWeaver Knowledge Management 7.30-7.50 - Authenticated Stored Cross-Site Scripting via Malicious UI Links
Title source: llm
Description
SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40 and 7.50, allows an authenticated attacker to create malicious links in the UI which, when clicked by a victim, execute arbitrary JavaScript, thus extracting or modifying information that is otherwise restricted, leading to Stored Cross-Site Scripting.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2953112
Scores
CVSS v3
5.4
EPSS
0.0031
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
sap/netweaver_knowledge_management
7.30
sap/netweaver_knowledge_management
7.31
sap/netweaver_knowledge_management
7.40
sap/netweaver_knowledge_management
7.50
Published
Sep 09, 2020
Tracked Since
Feb 18, 2026