PT-2020-19012 · Sap · Sap Netweaver As Abap
Published
2020-04-24
·
Updated
2020-05-05
·
CVE-2020-6213
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT PHTMLB versions 700 through 754
Description
The issue is related to reflected Cross-Site Scripting (XSS) due to insufficient encoding of user-controlled inputs via different URL parameters.
Recommendations
For versions 700 through 754, ensure that user-controlled inputs are properly encoded to prevent XSS attacks. As a temporary workaround, consider restricting access to the SBSPEXT PHTMLB application until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver As Abap