cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47594,https://securityvulnerability.io/vulnerability/CVE-2024-47594,SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability,"SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.",SAP,SAP Netweaver Enterprise Portal (kmc),5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-08T03:21:40.168Z,0
CVE-2024-44120,https://securityvulnerability.io/vulnerability/CVE-2024-44120,SAP NetWeaver Enterprise Portal Vulnerable to Reflected Cross-Site Scripting,"SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.",SAP,SAP Netweaver Enterprise Portal,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:26:46.558Z,0
CVE-2024-25645,https://securityvulnerability.io/vulnerability/CVE-2024-25645,SAP NetWeaver (Enterprise Portal) Vulnerability Allows Access to Restricted Information,"Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.",SAP,SAP Netweaver (enterprise Portal),5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-12T00:53:58.649Z,0
CVE-2023-33985,https://securityvulnerability.io/vulnerability/CVE-2023-33985,Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal,"SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAP NetWeaver Enterprise Portal,6.1,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-06-13T03:15:00.000Z,0
CVE-2023-26461,https://securityvulnerability.io/vulnerability/CVE-2023-26461,XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal),"SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.",SAP,NetWeaver (SAP Enterprise Portal),4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-03-14T05:15:00.000Z,0
CVE-2022-35298,https://securityvulnerability.io/vulnerability/CVE-2022-35298,,"SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.",SAP,SAP Netweaver Enterprise Portal (kmc),6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-09-13T15:43:36.000Z,0
CVE-2022-35225,https://securityvulnerability.io/vulnerability/CVE-2022-35225,,"SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-07-12T20:28:34.000Z,0
CVE-2022-35227,https://securityvulnerability.io/vulnerability/CVE-2022-35227,,"A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.",SAP,SAP Netweaver Enterprise Portal (WPc),6.1,MEDIUM,0.001120000029914081,false,false,false,false,,false,false,2022-07-12T20:28:29.000Z,0
CVE-2022-35172,https://securityvulnerability.io/vulnerability/CVE-2022-35172,,"SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-07-12T20:28:18.000Z,0
CVE-2022-35170,https://securityvulnerability.io/vulnerability/CVE-2022-35170,,"SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-07-12T20:28:02.000Z,0
CVE-2022-32247,https://securityvulnerability.io/vulnerability/CVE-2022-32247,,"SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2022-07-12T20:27:32.000Z,0
CVE-2022-26105,https://securityvulnerability.io/vulnerability/CVE-2022-26105,,"SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0009699999936856329,false,false,false,false,,false,false,2022-04-12T16:11:22.000Z,0
CVE-2022-24395,https://securityvulnerability.io/vulnerability/CVE-2022-24395,,"SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2022-03-10T17:46:00.000Z,0
CVE-2022-24397,https://securityvulnerability.io/vulnerability/CVE-2022-24397,,"SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2022-03-09T16:47:52.000Z,0
CVE-2021-33705,https://securityvulnerability.io/vulnerability/CVE-2021-33705,,"The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.",SAP,SAP Netweaver Enterprise Portal,8.1,HIGH,0.003289999905973673,false,false,false,false,,false,false,2021-09-15T18:01:52.000Z,0
CVE-2021-21489,https://securityvulnerability.io/vulnerability/CVE-2021-21489,,"SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.",SAP,SAP Netweaver Enterprise Portal,4.8,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-14T11:15:14.000Z,0
CVE-2021-33702,https://securityvulnerability.io/vulnerability/CVE-2021-33702,,"Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Enterprise Portal,8.3,HIGH,0.0025100000202655792,false,false,false,false,,false,false,2021-08-10T14:08:12.000Z,0
CVE-2021-33703,https://securityvulnerability.io/vulnerability/CVE-2021-33703,,"Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Enterprise Portal (application Extensions),8.3,HIGH,0.0025100000202655792,false,false,false,false,,false,false,2021-08-10T14:08:06.000Z,0
CVE-2021-33687,https://securityvulnerability.io/vulnerability/CVE-2021-33687,,"SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.",SAP,SAP Netweaver As Java (enterprise Portal),4.5,MEDIUM,0.003329999977722764,false,false,false,false,,false,false,2021-07-14T11:05:00.000Z,0
CVE-2020-6323,https://securityvulnerability.io/vulnerability/CVE-2020-6323,,"SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.",SAP,SAP Netweaver Enterprise Portal (fiori Framework Page),6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-10-15T01:45:27.000Z,0
CVE-2018-2435,https://securityvulnerability.io/vulnerability/CVE-2018-2435,,"SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Enterprise Portal,6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-07-10T18:00:00.000Z,0