CVE-2020-6326: XSS
First published: Wed Sep 09 2020(Updated: )
SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Knowledge Management | =7.30 | |
| SAP NetWeaver Knowledge Management | =7.31 | |
| SAP NetWeaver Knowledge Management | =7.40 | |
| SAP NetWeaver Knowledge Management | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/sap
- canonical/sap netweaver knowledge management
- version/sap netweaver knowledge management/7.30
- version/sap netweaver knowledge management/7.31
- version/sap netweaver knowledge management/7.40
- version/sap netweaver knowledge management/7.50