CVE-2005-3634
SAP Web Application Server (WAS) 6.10–7.00 is affected by an open redirect in frameset.htm of the BSP runtime. A remote attacker can cause users to log out and be redirected to arbitrary sites by manipulating sap-sessioncmd (close) and sap-exiturl parameters. The vulnerability is tied to the BSP ...