vendor: SAP Netweaver
by: Unknown
CVSS: 7.5 HIGH
Cross-Site Scripting (XSS)
CWE: 79
Product Name: SAP Netweaver
Affected Version From: 6.4
Affected Version To: 7
Patch Exists: No
Related CWE: Not mentioned
CPE: cpe:/a:sap:netweaver:6.4, cpe:/a:sap:netweaver:7.0
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in SAP Netweaver

The vulnerability exists in SAP Netweaver due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and other malicious activities.

Mitigation:

Apply patches or updates provided by the vendor to address the vulnerability. Implement strict input validation and output encoding to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41925/info

SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SAP Netweaver 6.4 through 7.0 is vulnerable; other versions may also be affected.

https://www.example.com/wsnavigator/jsps/explorer/help.jsp?title=Test">AAAAAAAA<script>alert('XSS')</script>