Lucene search
HistoryMay 09, 2008 - 6:20 p.m.
CVE-2008-2123
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.946
Percentile
99.3%
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a “<>” sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
Affected configurations
Node
sapinternet_transaction_serverMatch6200.1017.50954.0_build_730827
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | internet_transaction_server | 6200.1017.50954.0_build_730827 | cpe:2.3:a:sap:internet_transaction_server:6200.1017.50954.0_build_730827:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2008-05-09 18:20:00
cvelist
cvelist
CVE-2008-2123
2008-05-09 18:00:00
CVE-2006-5114
2006-10-02 20:00:00
cve
cve
CVE-2008-2123
2008-05-09 18:20:00
CVE-2006-5114
2006-10-03 04:03:00
nessus
nessus
SAP Internet Transaction Server wgate Multiple Parameter XSS
2006-09-28 00:00:00
exploitdb
exploitdb
nvd
nvd
CVE-2006-5114
2006-10-03 04:03:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.946
Percentile
99.3%
Related for NVD:CVE-2008-2123