Cross-Site Scripting in SAP Web Dynpro Java by SAP
CVE-2007-3496
Currently unrated
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 29 June 2007
What is CVE-2007-3496?
The vulnerability allows remote attackers to exploit the SAP Web Dynpro Java component by injecting arbitrary web scripts or HTML through the User-Agent HTTP header. This exploitation could lead to unauthorized actions performed on behalf of legitimate users, enabling various attack scenarios such as session hijacking or user data theft.