CVE-2016-3975

2016-04-07T19:59:00
ID CVE-2016-3975
Type cve
Reporter cve@mitre.org
Modified 2018-12-10T19:29:00

Description

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.