CVE-2011-5263
SAP NetWeaver < 7.30 - Cross-Site Scripting via RetrieveMailExamples Server Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45708
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49266/info
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69331
Exploit x_refsource_misc
http://dsecrg.com/pages/vul/show.php?id=330
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520551/100/0/threaded
Various Sources x_refsource_confirm
http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4
Scores
EPSS
0.0047
EPSS Percentile
65.0%
Details
CWE
CWE-79
Status
published
Products (5)
sap/netweaver
7.0 (5 CPE variants)
sap/netweaver
7.01
sap/netweaver
7.02
sap/netweaver
7.10
sap/netweaver
< 7.30
Published
Feb 12, 2013
Tracked Since
Feb 18, 2026