2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in WGate in SAP Internet Transaction Server ITS 6.20 allows remote attackers to inject arbitrary web script or HTML via 1 a "" sequence in the service parameter to wgate.dll, or 2 Javascript splicing in the query string, a different vector than CVE-2006-5114...
CVE-2006-5114
SAP ITS exposed vulnerability: Cross-site scripting in wgate.dll (wgate) affecting SAP Internet Transaction Server versions 6.1 and 6.2. Attacker can inject arbitrary script via the ~urlmime or ~command parameters. This CVE (CVE-2006-5114) shares vectors with CVE-2003-0749 but is a separate entry...