CVE-2017-11460

2017-07-25T18:29:00
ID CVE-2017-11460
Type cve
Reporter cve@mitre.org
Modified 2018-12-10T19:29:00

Description

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.