CVE-2020-26835

medium

Description

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

https://launchpad.support.sap.com/#/notes/2996479

Details

Source: Mitre, NVD

Published: 2020-12-09

Updated: 2022-10-05

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N