CVE-2008-2421

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Web Application Server; Web Dynpro
Vendor: CVE Published:; 23 May 2008

Summary

Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.

References

http://www.securityfocus.com/archive/1/492376/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/29317

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/42724

vdb-entryx_refsource_XF

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 23, 2008
Vulnerability Reserved
May 23, 2008