SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3275458 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-04-11T02:48:52.677Z
Updated: 2023-05-03T03:20:34.384Z
Reserved: 2023-03-02T03:37:32.233Z
Link: CVE-2023-27499
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-11T03:15:07.547
Modified: 2023-04-18T16:02:19.700
Link: CVE-2023-27499
JSON object: View
Redhat Information
No data.
CWE