CVE-2010-2904
SAP System Landscape Directory 6.4-7.02 - Cross-Site Scripting via action or helpstring Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
References (8)
Core References
Various Sources (x_refsource_misc): http://dsecrg.com/pages/vul/show.php?id=168
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/40712
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/66640
Exploit, Third Party Advisory (x_refsource_misc): http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/66639
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2010/1935
Various Sources (x_refsource_misc): https://service.sap.com/sap/support/notes/1416047
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/60668
Scores
EPSS: 0.0054
EPSS Percentile: 68.0%
Details
CWE: CWE-79
Status: published
Products (6)
sap/netweaver
sap/netweaver 6.4
sap/netweaver 7.0
sap/system_landscape_directory 6.4
sap/system_landscape_directory 7.0
sap/system_landscape_directory 7.02
Published: Jul 28, 2010
Tracked Since: Feb 18, 2026