CVE-2009-2932

SAP Netweaver - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/57000

[Vendor Advisory] http://secunia.com/advisories/36228

[Exploit] http://www.dsecrg.com/pages/vul/show.php?id=133

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52429

[Various Sources] https://service.sap.com/sap/support/notes/1322098

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/505697/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36034

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022731

Scores

EPSS 0.0038

EPSS Percentile 59.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

sap/netweaver

n/a/n/a

Timeline

Published Aug 21, 2009

Tracked Since Feb 18, 2026