CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33702
https://notcve.org/view.php?id=CVE-2021-33702
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. En determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los datos de los informes. Un atacante puede diseñar datos maliciosos e imprimirlos en el informe. • http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationReporter-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2022/Jan/70 https://launchpad.support.sap.com/#/notes/3073681 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33703
https://notcve.org/view.php?id=CVE-2021-33703
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los parámetros de la URL. Un atacante puede diseñar un enlace malicioso y enviarlo a la víctima. • http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2022/Jan/71 https://launchpad.support.sap.com/#/notes/3072920 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2435
https://notcve.org/view.php?id=CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal desde la versión 7.0 hasta la 7.02, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104706 https://launchpad.support.sap.com/#/notes/2643126 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2365
https://notcve.org/view.php?id=CVE-2018-2365
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Portal y WebDynpro Java 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/102999 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2547977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •