Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffer from a RunContentCreation cross site scripting vulnerability.