CVE-2020-6313

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

Information

Published : 2020-09-09 06:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-6313

Mitre link : CVE-2020-6313


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output

Advertisement

dedicated server usa

Products Affected

sap

  • netweaver_application_server_java