Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3636Cross-site Scripting in SAP WEB Application Server

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
22.6%
top 4.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP WEB Application Server
Timeline
PublishedNov 16
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rr23-7g46-v945: Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 62022-05-01
CVEList
CVE-2005-3636: Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 62005-11-16

💥Exploits & PoCs

1
Exploit-DB
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting2005-11-09
CVE-2005-3636 — Cross-site Scripting in SAP | cvebase