CVE-2022-35298 Information
Sep 14, 2022
cve
Description
SAP NetWeaver Enterprise Portal (KMC) - version 7.50 does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.
Reference
https://launchpad.support.sap.com/#/notes/3219164 https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3
Share on: