Cross site scripting

2013-02-1220:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.

CPENameOperatorVersion
netweavereq7.02
netweavereq7.0 sp15
netweavereq7.0 ehp2
netweavereq7.01
netweavereq7.0 ehp1
netweavereq7.0 sp8
netweaverle7.30
netweavereq7.10
netweavereq7.0

Name	Operator	Version
netweaver	eq	7.02
netweaver	eq	7.0 sp15
netweaver	eq	7.0 ehp2
netweaver	eq	7.01
netweaver	eq	7.0 ehp1
netweaver	eq	7.0 sp8
netweaver	le	7.30
netweaver	eq	7.10
netweaver	eq	7.0

References

dsecrg.com/pages/vul/show.php?id=330

secunia.com/advisories/45708

www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4

www.securityfocus.com/archive/1/520551/100/0/threaded

www.securityfocus.com/bid/49266/info

exchange.xforce.ibmcloud.com/vulnerabilities/69331