CVE-2013-6816

SAP NetWeaver - Cross-Site Scripting in JavaDumpService and DataCollector Servlets

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

https://service.sap.com/sap/support/notes/1828801

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55777

Third Party Advisory x_refsource_misc

https://erpscan.io/advisories/erpscan-13-018-sap-netweaver-servlet-javadumpservice-multiple-xss/

Third Party Advisory x_refsource_misc

https://erpscan.io/advisories/erpscan-13-019-sap-netweaver-servlet-datacollector-multiple-xss/

Various Sources x_refsource_confirm

http://scn.sap.com/docs/DOC-8218

Scores

EPSS 0.0037

EPSS Percentile 58.6%

Details

CWE

CWE-79

Status published

Products (1)

sap/netweaver

Published Nov 20, 2013

Tracked Since Feb 18, 2026