CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-26105
https://notcve.org/view.php?id=CVE-2022-26105
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de ejecución de scripts por parte de un atacante no autenticado debido a la incorrecta sanitización de las entradas del usuario mientras interactúa en la Red. Si es explotado con éxito, un atacante puede visualizar o modificar la información causando un impacto limitado en la confidencialidad e integridad de la aplicación • https://launchpad.support.sap.com/#/notes/3163583 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24397
https://notcve.org/view.php?id=CVE-2022-24397
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. SAP NetWeaver Enterprise Portal - versiones 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-Site Scripting (XSS) reflejado. La ejecución del contenido del script por parte de una víctima registrada en el portal podría comprometer la confidencialidad e integridad del navegador web de la víctima • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 https://launchpad.support.sap.com/#/notes/3146260 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24395
https://notcve.org/view.php?id=CVE-2022-24395
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-Site Scripting (XSS) reflejado • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 https://launchpad.support.sap.com/#/notes/3146261 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21489
https://notcve.org/view.php?id=CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content. SAP NetWeaver Enterprise Portal versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifican suficientemente los datos relacionados con el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado. Esto permitiría a un atacante con privilegios administrativos almacenar un script malicioso en el portal. • https://launchpad.support.sap.com/#/notes/3082219 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33702
https://notcve.org/view.php?id=CVE-2021-33702
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. En determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los datos de los informes. Un atacante puede diseñar datos maliciosos e imprimirlos en el informe. • http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationReporter-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2022/Jan/70 https://launchpad.support.sap.com/#/notes/3073681 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •