3 matches found
CVE-2021-33705
The CVE-2021-33705 issue affects SAP NetWeaver Portal (Iviews Editor) and is caused by a Server-Side Request Forgery (SSRF) vulnerability in the design-time component. An unauthenticated attacker can craft a malicious URL that, when a user clicks it, makes arbitrary requests (e.g., POST, GET) to ...
CVE-2017-11460
CVE-2017-11460 is a cross-site scripting (XSS) vulnerability in the DataArchivingService servlet of SAP NetWeaver Portal 7.4. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the responsecode parameter in shp/shp_result.jsp. Public sources consistently desc...
CVE-2018-2365
CVE-2018-2365 affects SAP NetWeaver Portal, WebDynpro Java versions 7.30, 7.31, 7.40, and 7.50. The vulnerability arises from insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. The connected documents confirm the affected product family and t...