SAP NetWeaver is a set of integrated service-oriented application platform from SAP Germany. The platform mainly provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver, which stems from insufficient coding of user input and can be exploited to inject code that exposes sensitive data, such as user IDs and passwords.