CVE-2011-5260

SAP Netweaver - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.

References (4)

[Exploit] http://dsecrg.com/pages/vul/show.php?id=337

[Various Sources] http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4

[Third Party Advisory] https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520555/100/0/threaded

Scores

EPSS 0.0029

EPSS Percentile 51.7%

Details

CWE

CWE-79

Status published

Products (9)

sap/netweaver

n/a/n/a

Published Feb 12, 2013

Tracked Since Feb 18, 2026