Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27499

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.

Published

2023-04-11T03:15:07.547

Last Modified

2024-11-21T07:53:01.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver	7.22ext	Yes
Application	sap	netweaver_application_server_abap	7.22	Yes
Application	sap	netweaver_application_server_abap	7.53	Yes
Application	sap	netweaver_application_server_abap	7.54	Yes
Application	sap	netweaver_application_server_abap	7.77	Yes
Application	sap	netweaver_application_server_abap	7.81	Yes
Application	sap	netweaver_application_server_abap	7.85	Yes
Application	sap	netweaver_application_server_abap	7.89	Yes
Application	sap	netweaver_application_server_abap	7.91	Yes
Application	sap	netweaver_application_server_abap	krnl64uc	Yes
Application	sap	netweaver_application_server_abap	krnl64uc_7.22	Yes

References

https://launchpad.support.sap.com/#/notes/3275458 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3275458 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)