CVE-2019-0369

EUVD-2019-1142
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
sapfinancial_consolidation
10.0
sapfinancial_consolidation
10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2806403
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
https://launchpad.support.sap.com/#/notes/2806403
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050