CVE-2015-7728

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 60.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Hana

Timeline

PublishedOct 15

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDsap/hana1.00.73.00.389160

🔴Vulnerability Details

GHSA

GHSA-rmwf-pmr8-gw7r: Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1↗2022-05-17

▶

CVEList

CVE-2015-7728: Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1↗2015-10-15

▶