Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0749

4 documents4 sources
Severity
6.8MEDIUM
EPSS
5.5%
top 9.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Internet Transaction Server
Timeline
PublishedOct 20
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDsap/internet_transaction_server4620.2.0.323011

🔴Vulnerability Details

2
GHSA
GHSA-j463-qv6p-7x3p: Cross-site scripting (XSS) vulnerability in wgate2022-04-29
CVEList
CVE-2003-0749: Cross-site scripting (XSS) vulnerability in wgate2003-09-06

💥Exploits & PoCs

1
Exploit-DB
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site Scripting2003-08-30