SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2020-09-09T12:43:03

Updated: 2024-08-04T08:55:22.450Z

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-09-09T13:15:11.830

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-6313

cve-icon Redhat

No data.