Multiple XSS Vulnerabilities in SAP NetWeaver Business Client
CVE-2014-4160

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Client
Vendor: CVE Published:; 13 June 2014

What is CVE-2014-4160?

The SAP NetWeaver Business Client contains multiple cross-site scripting vulnerabilities within the testcanvas node. These flaws enable remote attackers to execute arbitrary web scripts or HTML by exploiting the title or sap-accessibility parameters, potentially compromising user data and application integrity. Proper input validation and output encoding measures are crucial to mitigate such risks and secure web applications effectively.

References

http://www.securityfocus.com/bid/67995

vdb-entryx_refsource_BID

http://blog.emaze.net/2014/05/sap-multiple-vulnerabilitie...

x_refsource_MISC

http://scn.sap.com/docs/DOC-8218

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2014
Vulnerability Reserved
Jun 13, 2014