CVE-2018-17865

A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2018-17865

A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

SAP J2EE Engine Cross-Site Scripting Vulnerability

SAP J2EE Engine is a set of runtime environments for J2EE applications. A cross-site scripting vulnerability exists in SAP J2EE Engine due to the failure of SAP J2EE Engine/7.01/Portal/EPP to effectively validate or filter user-entered data, resulting in cross-site scripting in the "ctcprotocol"...