CVE-2023-0013
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
10/01/2023
Last modified:
13/01/2023
Description
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page