CVE-2021-42063 PoC — SAP Knowledge Warehouse 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-42063.yaml

Associated Vulnerability

Title:SAP Knowledge Warehouse 跨站脚本漏洞 (CVE-2021-42063)
Description:SAP Business Information Warehouse（SAP BW）是德国SAP公司的一款应用于企业环境中用于收集和统计信息的数据仓库。该软件是一个企业范围的信息中心，可从R / 3和其他业务应用程序进行数据分析，包括数据库和Internet等外部数据源。 SAP Knowledge Warehouse存在跨站脚本漏洞，该漏洞源于软件在Web浏览器中使用一个SAP KW组件缺少对于用户提交的参数数据进行过滤和转义，这使未经授权的攻击者可利用该漏洞能够执行XSS攻击，这可能导致泄漏敏感数据。

Description

SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.

File Snapshot


 id: CVE-2021-42063

info:
  name: SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
  author: p

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!