Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for enterprise_portal by sap

    CVE-2022-35224 (GCVE-0-2022-35224)

    Vulnerability from nvd – Published: 2022-07-12 20:30 – Updated: 2024-08-03 09:29
    VLAI
    Summary
    SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Portal Affected: 7.10
    Affected: 7.11
    Affected: 7.20
    Affected: 7.30
    Affected: 7.31
    Affected: 7.40
    Affected: 7.50
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3210779"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Portal",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.10"
                },
                {
                  "status": "affected",
                  "version": "7.11"
                },
                {
                  "status": "affected",
                  "version": "7.20"
                },
                {
                  "status": "affected",
                  "version": "7.30"
                },
                {
                  "status": "affected",
                  "version": "7.31"
                },
                {
                  "status": "affected",
                  "version": "7.40"
                },
                {
                  "status": "affected",
                  "version": "7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\ufffds web browser session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T20:30:20.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3210779"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-35224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.11"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.20"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.30"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.40"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\ufffds web browser session."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3210779",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3210779"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-35224",
        "datePublished": "2022-07-12T20:30:20.000Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:29:17.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10701 (GCVE-0-2017-10701)

    Vulnerability from nvd – Published: 2017-09-28 19:00 – Updated: 2024-08-05 17:41
    VLAI
    Summary
    Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:41:55.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2017090219"
              },
              {
                "name": "100788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100788"
              },
              {
                "name": "100805",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100805"
              },
              {
                "name": "101068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-03T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100786",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2017090219"
            },
            {
              "name": "100788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100788"
            },
            {
              "name": "100805",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100805"
            },
            {
              "name": "101068",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100786",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100786"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2017090219",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2017090219"
                },
                {
                  "name": "100788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100788"
                },
                {
                  "name": "100805",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100805"
                },
                {
                  "name": "101068",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10701",
        "datePublished": "2017-09-28T19:00:00.000Z",
        "dateReserved": "2017-06-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:41:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7367 (GCVE-0-2013-7367)

    Vulnerability from nvd – Published: 2014-04-10 15:00 – Updated: 2024-09-16 16:23
    VLAI
    Summary
    SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1658947"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/research-advisories.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-10T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1658947"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/research-advisories.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7367",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1658947",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1658947"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "http://www.onapsis.com/research-advisories.php",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/research-advisories.php"
                },
                {
                  "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7367",
        "datePublished": "2014-04-10T15:00:00.000Z",
        "dateReserved": "2014-04-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:23:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7365 (GCVE-0-2013-7365)

    Vulnerability from nvd – Published: 2014-04-10 15:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
              },
              {
                "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1589716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "name": "58155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/58155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/research-advisories.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
            },
            {
              "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1589716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "58155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/58155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/research-advisories.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
                },
                {
                  "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1589716",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1589716"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "58155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/58155"
                },
                {
                  "name": "http://www.onapsis.com/research-advisories.php",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/research-advisories.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7365",
        "datePublished": "2014-04-10T15:00:00.000Z",
        "dateReserved": "2014-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35224 (GCVE-0-2022-35224)

    Vulnerability from cvelistv5 – Published: 2022-07-12 20:30 – Updated: 2024-08-03 09:29
    VLAI
    Summary
    SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Portal Affected: 7.10
    Affected: 7.11
    Affected: 7.20
    Affected: 7.30
    Affected: 7.31
    Affected: 7.40
    Affected: 7.50
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3210779"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Portal",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.10"
                },
                {
                  "status": "affected",
                  "version": "7.11"
                },
                {
                  "status": "affected",
                  "version": "7.20"
                },
                {
                  "status": "affected",
                  "version": "7.30"
                },
                {
                  "status": "affected",
                  "version": "7.31"
                },
                {
                  "status": "affected",
                  "version": "7.40"
                },
                {
                  "status": "affected",
                  "version": "7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\ufffds web browser session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T20:30:20.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3210779"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-35224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.11"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.20"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.30"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.40"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\ufffds web browser session."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3210779",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3210779"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-35224",
        "datePublished": "2022-07-12T20:30:20.000Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:29:17.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10701 (GCVE-0-2017-10701)

    Vulnerability from cvelistv5 – Published: 2017-09-28 19:00 – Updated: 2024-08-05 17:41
    VLAI
    Summary
    Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:41:55.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2017090219"
              },
              {
                "name": "100788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100788"
              },
              {
                "name": "100805",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100805"
              },
              {
                "name": "101068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-03T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100786",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2017090219"
            },
            {
              "name": "100788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100788"
            },
            {
              "name": "100805",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100805"
            },
            {
              "name": "101068",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100786",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100786"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2017090219",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2017090219"
                },
                {
                  "name": "100788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100788"
                },
                {
                  "name": "100805",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100805"
                },
                {
                  "name": "101068",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10701",
        "datePublished": "2017-09-28T19:00:00.000Z",
        "dateReserved": "2017-06-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:41:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7367 (GCVE-0-2013-7367)

    Vulnerability from cvelistv5 – Published: 2014-04-10 15:00 – Updated: 2024-09-16 16:23
    VLAI
    Summary
    SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1658947"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/research-advisories.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-10T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1658947"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/research-advisories.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7367",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130222 [Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1658947",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1658947"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "http://www.onapsis.com/research-advisories.php",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/research-advisories.php"
                },
                {
                  "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7367",
        "datePublished": "2014-04-10T15:00:00.000Z",
        "dateReserved": "2014-04-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:23:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7365 (GCVE-0-2013-7365)

    Vulnerability from cvelistv5 – Published: 2014-04-10 15:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
              },
              {
                "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1589716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "name": "58155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/58155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.onapsis.com/research-advisories.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-29T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
            },
            {
              "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1589716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "58155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/58155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.onapsis.com/research-advisories.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003"
                },
                {
                  "name": "20130222 [Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1589716",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1589716"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "58155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/58155"
                },
                {
                  "name": "http://www.onapsis.com/research-advisories.php",
                  "refsource": "MISC",
                  "url": "http://www.onapsis.com/research-advisories.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7365",
        "datePublished": "2014-04-10T15:00:00.000Z",
        "dateReserved": "2014-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }