Vulnerabilities (CVE)

Filtered by CWE-79
Total 37112 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6392 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2020-6391 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6370 1 Sap 1 Netweaver Design Time Repository 2024-11-21 3.5 LOW 4.8 MEDIUM
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6368 1 Sap 1 Business Planning And Consolidation 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
CVE-2020-6367 1 Sap 1 Netweaver Composite Application Framework 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user into clicking on a malicious link. The end user's browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
CVE-2020-6326 1 Sap 1 Netweaver Knowledge Management 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40, 7.50, allows an authenticated attacker to create malicious links in the UI which, when clicked by a victim, will execute arbitrary JavaScript, thus extracting or modifying information otherwise restricted, leading to Stored Cross Site Scripting.
CVE-2020-6324 1 Sap 1 Netweaver As Abap Business Server Pages 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP (BSP Test Application sbspext_table), versions 700, 701, 720, 730, 731, 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to send a polluted URL to the victim; when the victim clicks on this URL, the attacker can read and modify the information available in the victim's browser, leading to Reflected Cross Site Scripting.
CVE-2020-6323 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
CVE-2020-6319 1 Sap 1 Netweaver Application Server Java 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.
CVE-2020-6313 1 Sap 1 Netweaver Application Server Java 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
CVE-2020-6312 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties to modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized.
CVE-2020-6305 1 Sap 1 Process Integration 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6303 1 Sap 1 Disclosure Management 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.
CVE-2020-6300 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 3.5 LOW 4.8 MEDIUM
SAP Business Objects Business Intelligence Platform (Central Management Console), versions - 4.2, 4.3, allows an attacker with administrator rights to use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6284 1 Sap 1 Netweaver Knowledge Management 2024-11-21 8.5 HIGH 9.0 CRITICAL
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.
CVE-2020-6283 1 Sap 1 Fiori Launchpad 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, hence allowing the attacker to inject the meta tag into the launchpad HTML using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.
CVE-2020-6281 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting.
CVE-2020-6278 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scripting.
CVE-2020-6276 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
CVE-2020-6272 1 Sap 1 Commerce Cloud 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.