Cross-Site Scripting Vulnerability in SAP Web Application Server and Web Dynpro
CVE-2008-2421

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Web Application Server; Web Dynpro
Vendor: CVE Published:; 23 May 2008

What is CVE-2008-2421?

This vulnerability allows remote attackers to exploit the Web GUI of SAP Web Application Server by injecting arbitrary web scripts or HTML through the PATH_INFO parameter in the default URI located at bc/gui/sap/its/webgui/. This can lead to unauthorized actions being performed on behalf of users, data theft, or defacement of the web interface. Proper validation and sanitization of user inputs are crucial to mitigate this risk.

References

http://www.securityfocus.com/archive/1/492376/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/29317

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/42724

vdb-entryx_refsource_XF

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 23, 2008
Vulnerability Reserved
May 23, 2008