CVE-2023-26457

CVSS V2 None CVSS V3 None
Description
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.
Overview
  • CVE ID
  • CVE-2023-26457
  • Assigner
  • cna@sap.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-03-14T05:15:30
  • Last Modified Date
  • 2023-04-11T21:15:21
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-04-17 06:23:11 Added to TrackCVE
2023-04-17 06:23:13 Weakness Enumeration new