Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2123

Severity
4.3 MEDIUM
EPSS
16.5%
top 5.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: May 9
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD | sap/internet_transaction_server | 6200.1017.50954.0_build_730827

🔴Vulnerability Details

2
GHSA
GHSA-q29j-2qwc-gprj: Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6 | 2022-05-01
CVEList
CVE-2008-2123: Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6 | 2008-05-09

💥Exploits & PoCs

2
Exploit-DB
SAP Internet Transaction Server 6200.1017.50954.0 Bu (WGate) - 'wgate.dll?~service' Cross-Site Scripting | 2008-05-08
Exploit-DB
SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting | 2008-05-08