CVE-2014-1965 — Cross-site Scripting in SAP Netweaver

CWE-79 — Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 44.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver
Timeline
PublishedFeb 14
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDsap/netweaver6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-4vqv-557v-3cwq: Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3↗2022-05-14
â–¶
CVEList
CVE-2014-1965: Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3↗2014-02-14
â–¶
CVE-2014-1965 — Cross-site Scripting in SAP Netweaver | cvebase