XSS in Sap Netweaver_business_client_for_html
CVE-2014-9569
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 205…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.018 (76.3th percentile) — read the EPSS interpretation.
Affected products
- Sap Netweaver_business_client_for_html — versions 3.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (URL Repurposed, Exploit, x_refsource_MISC)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)