CVE-2010-1609
- EPSS 0.31%
- Veröffentlicht 29.04.2010 17:30:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2932
- EPSS 0.38%
- Veröffentlicht 21.08.2009 20:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
CVE-2008-3358
- EPSS 0.65%
- Veröffentlicht 28.01.2009 18:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be ref...
CVE-2008-1846
- EPSS 0.52%
- Veröffentlicht 16.04.2008 17:05:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering ...