CVE-2017-11458
SAP NetWeaver AS JAVA 7.3 is affected by a Cross-Site Scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet. An attacker can inject arbitrary script via the sessionID parameter, enabling remote script execution in affected sessions. Root cause is exposure of unsanitized sessionID inpu...