← back
CVE-2020-6323

CVE-2020-6323

EPSS 0.6%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Oct 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
Affected products
SAP SE · SAP NetWeaver Enterprise Portal (Fiori Framework Page)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2960329https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196