CVE-2020-6326

medium

Description

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.

References

https://launchpad.support.sap.com/#/notes/2953112

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Details

Source: MITRE

Published: 2020-09-09

Updated: 2020-09-14

Type: CWE-79

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.3

Severity: MEDIUM