CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6185
https://notcve.org/view.php?id=CVE-2020-6185
12 Feb 2020 — Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), permite a un atacante autenticado almacenar una carga útil maliciosa que ... • https://launchpad.support.sap.com/#/notes/2880869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6184
https://notcve.org/view.php?id=CVE-2020-6184
12 Feb 2020 — Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), no codifica suficientemente las entradas controladas por el usuario, resulta... • https://launchpad.support.sap.com/#/notes/2863397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •