Description
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/
Exploit x_refsource_misc
http://dsecrg.com/pages/vul/show.php?id=337
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520555/100/0/threaded
Various Sources x_refsource_confirm
http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (4)
sap/netweaver
sap/netweaver
4.0
sap/netweaver
6.4
sap/netweaver
7.0 (5 CPE variants)
Published
Feb 12, 2013
Tracked Since
Feb 18, 2026