Lucene search
CVE-2018-11415
SAP ITS 6200.X.X Reflected XSS in wgate URIs (CVE-2018-11415
Show more
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Cross site scripting | 24 May 201819:29 | – | prion |
 | CVE-2018-11415 | 24 May 201819:29 | – | nvd |
 | SAP Internet Transaction Server 6200.x Session Fixation / Cross Site Scripting | 25 May 201800:00 | – | packetstorm |
 | SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting | 25 May 201800:00 | – | exploitdb |
 | CVE-2018-11415 | 24 May 201819:00 | – | cvelist |
 | SAP Internet Transaction Server 6200.x - Session Fixation Cross-Site Scripting | 25 May 201800:00 | – | exploitpack |
Node
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/104311 |
| exploit-db | www.exploit-db.com/exploits/44755/ |
| github | www.github.com/0xd0m7/SAP |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| ~SERVICEUNIQUE | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~session | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~clientinput | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~logininput | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~passwdinput | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~client | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~login | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~password | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~POV | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
| ~OkCode | query param | /wgate/scripts/ralp/! | Reflected XSS vulnerability via user-controlled input parameters in the URL leading to cookie modification and session fixation. | CWE-79 |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo24 May 2018 19:29Current
6Medium risk
Vulners AI Score6
CVSS24.3
CVSS36.1
EPSS0.01114