Total
41247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6323 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. | ||||
| CVE-2020-6319 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. | ||||
| CVE-2020-6313 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | ||||
| CVE-2020-6312 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. | ||||
| CVE-2020-6305 | 1 Sap | 1 Process Integration | 2024-11-21 | 6.1 Medium |
| PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6303 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 5.4 Medium |
| SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | ||||
| CVE-2020-6300 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.8 Medium |
| SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6284 | 1 Sap | 1 Netweaver Knowledge Management | 2024-11-21 | 9.0 Critical |
| SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | ||||
| CVE-2020-6283 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 6.1 Medium |
| SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. | ||||
| CVE-2020-6281 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.1 Medium |
| SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. | ||||
| CVE-2020-6278 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting | ||||
| CVE-2020-6276 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.1 Medium |
| SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | ||||
| CVE-2020-6272 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.4 Medium |
| SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6257 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | ||||
| CVE-2020-6254 | 1 Sap | 1 Enterprise Threat Detection | 2024-11-21 | 6.1 Medium |
| SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | ||||
| CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6231 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6229 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6226 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6222 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||