CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33702 – SAP Enterprise Portal NavigationReporter Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-33702
10 Aug 2021 — Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. En determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no cod... • http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationReporter-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33703 – SAP Enterprise Portal RunContentCreation Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-33703
10 Aug 2021 — Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los parámetros de la URL. Un atacante puede diseñar un enlace malicioso y enviarlo a la víctima. • http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2435
https://notcve.org/view.php?id=CVE-2018-2435
10 Jul 2018 — SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal desde la versión 7.0 hasta la 7.02, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10701 – SAP Enterprise Portal 7.50 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-10701
28 Sep 2017 — Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en SAP Enterprise Portal 7.50 permite que atacantes remotos inyecten scripts web o HTML arbitrarios. Esta vulnerabilidad también se puede consultar en SAP Security Notes 2469860, 2471209 y 2488516. SAP Enterprise Portal versions 7.50 and below suffer from a cross site ... • http://www.securityfocus.com/bid/100786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •