CVE-2010-2904

EPSS 0.55%
Published 28.07.2010 21:30:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ System Landscape Directory Version6.4

SAP ≫ System Landscape Directory Version7.0

SAP ≫ System Landscape Directory Version7.02

SAP ≫ Netweaver

SAP ≫ Netweaver Version6.4

SAP ≫ Netweaver Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.651

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://dsecrg.com/pages/vul/show.php?id=168

http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt

http://secunia.com/advisories/40712

Vendor Advisory

http://www.osvdb.org/66639

http://www.osvdb.org/66640

http://www.vupen.com/english/advisories/2010/1935

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/60668

https://service.sap.com/sap/support/notes/1416047

https://nvd.nist.gov/vuln/detail/CVE-2010-2904

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2904

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2904

EUVD