Cross site scripting

2016-01-1520:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.

CPENameOperatorVersion
netweavereq7.40

CPE	Name	Operator	Version
	netweaver	eq	7.40

References

seclists.org/fulldisclosure/2016/Apr/58

seclists.org/fulldisclosure/2016/Apr/64

erpscan.io/advisories/erpscan-16-001-xss-sap-netweaver-7-4-mdt-servlet/

erpscan.io/advisories/erpscan-16-004-sap-netweaver-7-4-pmitest-servlet-xss/

erpscan.io/press-center/blog/sap-security-notes-january-2016-review/