CVE-2024-47594 MEDIUM

CVE-2024-47594: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Vendor Sap_Se
Product SAP NetWeaver Enterprise Portal (KMC)
Weakness CWE-79 · XSS
Published October 8, 2024
Last update October 8, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.

Key dates

02Disclosure timeline

October 8, 2024 CVE published
October 8, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-2731 Cross-site Scripting (XSS) - Reflected in openemr/openemr CVE-2023-25052 WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS) CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server CVE-2026-3702 SourceCodester Loan Management System index.php cross site scripting CVE-2025-32180 WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability