SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...

CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters...

SAP NetWeaver和Web Dynpro Java跨站脚本漏洞

SAP Web Dynpro Java是一款Java的WEB应用服务程序。 SAP Web Dynpro Java不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 NetWeaver Application包含的User-Agent-Header内容在服务器应答时没有采用正确的编码，伪造User-Agent-Header可触发跨站脚本问题，构建恶意WEB页，诱使用户访问，可导致获得目标用户敏感信息。 SAP NetWeaver Nw04s SP9 SAP NetWeaver Nw04s SP8 SAP NetWeaver Nw04s SP7 SAP...