A cross-site scripting vulnerability exists in SAP NetWeaver Application Server, an application server from SAP, which stems from an ABAP keyword document that does not adequately encode user-controlled input and can be exploited to cause Cross-site scripting attack.