CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33703
https://notcve.org/view.php?id=CVE-2021-33703
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los parámetros de la URL. Un atacante puede diseñar un enlace malicioso y enviarlo a la víctima. • http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2022/Jan/71 https://launchpad.support.sap.com/#/notes/3072920 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6323
https://notcve.org/view.php?id=CVE-2020-6323
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. SAP NetWeaver Enterprise Portal (Fiori Framework Page) versiones - 7.50, 7.31, 7.40, no codifican suficientemente las entradas controladas por el usuario y permiten a un atacante en una sesión válida crear un ataque de tipo XSS que será reflejado tanto inmediatamente como también será persistente y regresará con mayor acceso al sistema, resultando en una vulnerabilidad de tipo Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2960329 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2435
https://notcve.org/view.php?id=CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal desde la versión 7.0 hasta la 7.02, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104706 https://launchpad.support.sap.com/#/notes/2643126 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2811
https://notcve.org/view.php?id=CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. Vulnerabilidad de entidad externa XML (XXE) en ReportXmlViewer en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP Security 2111939. • http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/64 http://www.securityfocus.com/archive/1/535827/100/800/threaded http://www.securityfocus.com/bid/73691 https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2812
https://notcve.org/view.php?id=CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. Vulnerabilidad de entidad externa XML (XXE) en XMLValidationComponent en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP 2093966. • http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/62 http://www.securityfocus.com/archive/1/535826/100/800/threaded https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe •