SAP NetWeaver Portal Cross-Site Scripting Vulnerability (CNVD-2022-56965)

SAP NetWeaver Portal is a component of the SAP NetWeaver architecture from SAP Germany. cross-site scripting vulnerabilities exist in SAP NetWeaver Portal versions 7.30, 7.31, 7.40 and 7.50, which stem from a failure to adequately validate user-controlled input. An attacker could exploit the vulnerability to execute arbitrary scripting code that could lead to the theft or modification of a user’s authentication information, such as data related to the user’s current session.