CVE-2010-2904: XSS
First published: Wed Jul 28 2010(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap System Landscape Directory | =6.4 | |
| Sap System Landscape Directory | =7.0 | |
| Sap System Landscape Directory | =7.02 | |
| SAP NetWeaver | ||
| SAP NetWeaver | =6.4 | |
| SAP NetWeaver | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osvdb.org/66639
- http://secunia.com/advisories/40712
- http://dsecrg.com/pages/vul/show.php?id=168
- http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt
- https://service.sap.com/sap/support/notes/1416047
- http://www.vupen.com/english/advisories/2010/1935
- http://www.osvdb.org/66640
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60668
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/sap
- canonical/sap system landscape directory
- version/sap system landscape directory/6.4
- version/sap system landscape directory/7.0
- version/sap system landscape directory/7.02
- canonical/sap netweaver
- version/sap netweaver/6.4
- version/sap netweaver/7.0