CVE-2023-27499
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-79
Neutralización incorrecta de la entrada durante la generación de la página web (Cross-site Scripting)
Fecha de publicación:
11/04/2023
Última modificación:
18/04/2023
Descripción
*** Pendiente de traducción *** SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user&#39;s browser. The information from the victim&#39;s web browser can either be modified or read and sent to the attacker.<br />
<br />
Impacto
Puntuación base 3.x
6.10
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:7.91:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página