CVE-2023-26457: XSS
First published: Tue Mar 14 2023(Updated: )
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Content Server | =7.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP Content Server vulnerability?
The vulnerability ID for this SAP Content Server vulnerability is CVE-2023-26457.
What is the severity of CVE-2023-26457?
The severity of CVE-2023-26457 is medium, with a severity value of 6.1.
What is the impact of this vulnerability?
After successful exploitation, an attacker can read and modify some sensitive information, but cannot delete the data.
How does CVE-2023-26457 occur?
CVE-2023-26457 occurs due to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Are there any fixes or patches available for CVE-2023-26457?
Please refer to the following references for information on available fixes or patches: [https://launchpad.support.sap.com/#/notes/3281484](https://launchpad.support.sap.com/#/notes/3281484) and [https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- vendor/sap
- canonical/sap content server
- version/sap content server/7.53