Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5114

4 documents4 sources

Severity

6.8MEDIUM

EPSS

15.8%

top 5.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SAP Internet Transaction Server

Timeline

PublishedOct 3

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDsap/internet_transaction_server6.1, 6.2+1

🔴Vulnerability Details

GHSA

GHSA-89hq-c5f6-69qm: Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6↗2022-05-01

▶

CVEList

CVE-2006-5114: Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6↗2006-10-02

▶

💥Exploits & PoCs

Exploit-DB

SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting↗2006-09-28

▶