CVE-2013-6816

2013-11-1919:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/55777

erpscan.io/advisories/erpscan-13-018-sap-netweaver-servlet-javadumpservice-multiple-xss/

erpscan.io/advisories/erpscan-13-019-sap-netweaver-servlet-datacollector-multiple-xss/

service.sap.com/sap/support/notes/1828801