ID CVE-2005-3636
Summary Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15361
bugtraq 20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS
misc http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
osvdb 20715
sectrack 1015174
secunia 17515
sreason 162
vupen ADV-2005-2361
xf sap-error-message-script-injection(23029)
Last major update 11-07-2017 - 01:33
Published 16-11-2005 - 21:22
Last modified 11-07-2017 - 01:33
Back to Top