Cross-Site Scripting Vulnerability in SAP J2EE Engine/Fiori
CVE-2018-17862
6.1MEDIUM
What is CVE-2018-17862?
A cross-site scripting vulnerability exists in the SAP J2EE Engine version 7.01, affecting its Fiori application. This flaw allows remote attackers to inject arbitrary web scripts through the 'sys_jdbc' parameter when accessing the '/TestJDBC_Web/test2' endpoint. It is important to note that this vulnerability is present in products that are no longer supported by their maintainer, which may leave them exposed to exploitation.