CVE-2020-6213Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP(Business Server Pages Test Application SBSPEXT_PHTMLB), SAP security note 2872752

Description

SAP NetWeaver AS ABAP – Business Server Pages Test Application IT05 SBSPEXT_PHTMLB does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Some well-known impacts of XSS vulnerability are –

non-permanently deface or modify displayed content from a Web site
steal authentication information of the user, such as data relating to his or her current session
impersonate the user and access all information with the same rights as the target user

Available fix and Supported packages

SAP_BASIS | 700 | 702
SAP_BASIS | 730 | 730
SAP_BASIS | 731 | 731
SAP_BASIS | 740 | 740
SAP_BASIS | 750 | 754
SAP_BASIS 751 | SAPK-75110INSAPBASIS |
SAP_BASIS 752 | SAPK-75206INSAPBASIS |
SAP_BASIS 753 | SAPK-75304INSAPBASIS |
SAP_BASIS 700 | SAPKB70038 |
SAP_BASIS 701 | SAPKB70123 |
SAP_BASIS 702 | SAPKB70223 |
SAP_BASIS 730 | SAPKB73021 |
SAP_BASIS 731 | SAPKB73127 |
SAP_BASIS 740 | SAPKB74024 |
SAP_BASIS 754 | SAPK-75402INSAPBASIS |
SAP_BASIS 750 | SAPK-75018INSAPBASIS |
SAP_BASIS 751 | SAPK-75111INSAPBASIS |
SAP_BASIS 752 | SAPK-75207INSAPBASIS |
SAP_BASIS 753 | SAPK-75305INSAPBASIS |
SAP_BASIS 754 | SAPK-75403INSAPBASIS |
| SAPK-781BHINSAPBASIS |

Affected component

CVSS

Score: 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2872752

Vahagn Vardanian

CVE-2020-6213Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP(Business Server Pages Test Application SBSPEXT_PHTMLB), SAP security note 2872752

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#&65279-XSS
#stored-XSS
#CVE-2020-6213-reflected-XSS
#CSS&65279

Explore More

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

CVE-2025-0063 SQL Injection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Vahagn Vardanian

CVE-2020-6213Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP(Business Server Pages Test Application SBSPEXT_PHTMLB), SAP security note 2872752

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#&65279-XSS#stored-XSS#CVE-2020-6213-reflected-XSS#CSS&65279

Explore More

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

CVE-2025-0063 SQL Injection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Special offer for SAP Security Udemy course!

$ 9.99

#&65279-XSS
#stored-XSS
#CVE-2020-6213-reflected-XSS
#CSS&65279