CVE-2010-1609
- EPSS 0.31%
- Published 29.04.2010 17:30:00
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2932
- EPSS 0.38%
- Published 21.08.2009 20:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
CVE-2008-3358
- EPSS 0.65%
- Published 28.01.2009 18:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be ref...
CVE-2008-1846
- EPSS 0.52%
- Published 16.04.2008 17:05:00
- Last modified 09.04.2025 00:30:58
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering ...