CVE-2020-6323

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions 7.31, 7.40, 7.50

Description The issue arises from insufficient encoding of user-controlled inputs, allowing an attacker with a valid session to create a Cross Site Scripting (XSS) attack. This XSS can be both reflected immediately and persisted, returning in further system accesses.

Recommendations For versions 7.31, 7.40, 7.50, update to a version that includes the fix for this issue to prevent Cross Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.