CVE-2008-1846
The CVE affects SAP NetWeaver prior to 7.0 SP15 where the Always Use Secure HTML Editor (Editor Security) parameter is not enabled by default. This configuration allows remote attackers to perform cross-site scripting (XSS) by entering feedback for a file, as described in the public records. No a...