Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)
Vulnerability Description
SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SAP NetWeaver 跨站脚本漏洞
Vulnerability Description
SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。 SAP NetWeaver 7.50版本存在跨站脚本漏洞,该漏洞源于为某些版本化文件返回不利的内容类型,可能允许授权攻击者创建包含恶意内容的文件并通过电子邮件或即时消息向受害者发送链接,可能会导致跨站点脚本漏洞。
CVSS Information
N/A
Vulnerability Type
N/A