CVE-2010-1609

Description

Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

• SAP / netweaver4.0 – 4.0
• SAP / netweaver7.0 – 7.0

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0397
• MISChttp://www.securityfocus.com/archive/1/509499/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/38629
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2010-02/0216.html