Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.
CPE | Name | Operator | Version |
---|---|---|---|
netweaver_application_server_java | ge | 7.10 | |
netweaver_application_server_java | le | 7.50 |