VDB
CVE-2020-6254
CVE-2020-6254
PUBLISHED
CVSS 6.099999904632568 MEDIUM
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.
EPSS 0.19% · 40.8th percentile
Risk Scores
CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.19%
40.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP Enterprise Threat Detection | < 1.0, < 2.0 |
| sap | enterprise_threat_detection | 2.0, 1.0 |
Exploit Intelligence
Timeline
- May 12, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score