PT-2023-15948 · Sap · Sap Netweaver Application Server Abap
Published
2023-01-10
·
Updated
2023-01-13
·
CVE-2023-0013
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757
Description
The ABAP Keyword Documentation of SAP NetWeaver Application Server does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. On successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Recommendations
For versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver Application Server Abap