CVE-2010-2904Cross-site Scripting in SAP Netweaver

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP NetweaverSAP System Landscape Directory
Timeline
PublishedJul 28
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDsap/system_landscape_directory6.4, 7.0, 7.02+2
NVDsap/netweaver6.4, 7.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mr44-mp3p-wc79: Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 62022-05-17
CVEList
CVE-2010-2904: Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 62010-07-28
CVE-2010-2904 — Cross-site Scripting in SAP Netweaver | cvebase