CVE-2023-42479: Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct

6.1 CVSS

Description

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

Classification

CVE ID: CVE-2023-42479

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

Affected Products

Vendor: SAP_SE

Product: SAP Biller Direct

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 35.17% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://me.sap.com/notes/3383321
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
