Cross-Site Scripting Vulnerabilities in SAP Internet Transaction Server
CVE-2006-5114

Currently unrated

Key Information:

Vendor: SAP
Status: Internet Transaction Server
Vendor: CVE Published:; 3 October 2006

What is CVE-2006-5114?

Multiple vulnerabilities exist in the SAP Internet Transaction Server (ITS) 6.1 and 6.2, allowing attackers to exploit the application through cross-site scripting. By injecting arbitrary web scripts or HTML code via the parameters ~urlmime or ~command, unauthorized users can manipulate how the server processes web requests. This exploitation could lead to unauthorized data exposure or other malicious activities, underscoring the importance of securing web applications against such vulnerabilities.

References

http://securityreason.com/securityalert/1665

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/20244

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/447262/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2006
Vulnerability Reserved
Oct 2, 2006