Cross-Site Scripting Vulnerabilities in SAP NetWeaver Business Client
CVE-2014-9569

Currently unrated

Key Information:

Vendor
SAP
Status
Netweaver Business Client For Html
Vendor
CVE Published:
7 January 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the SAP NetWeaver Business Client for HTML 3.0, permitting remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through manipulation of specific parameters, namely the 'title' and 'roundtrips', which may compromise the security of the web application and its users. Affected users are at risk of unauthorized actions being executed in their web sessions, underscoring the importance of security practices in web development and application management.

References

http://secunia.com/advisories/62017
third-party-advisoryx_refsource_SECUNIA
http://www.senseofsecurity.com.au/advisories/SOS-14-005
x_refsource_MISC
http://www.securitytracker.com/id/1031509
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.