CVE-2014-1965
SAP NetWeaver BC-XI 3.0, 7.00-7.02, 7.10-7.11 - Cross-Site Scripting in ISpeakAdapter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91094
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-14-006-sap-netweaver-pip-xss/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56947
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1442517
Various Sources x_refsource_misc
http://www.stechno.net/sap-notes.html?view=sapnote&id=1442517
Scores
EPSS
0.0033
EPSS Percentile
55.9%
Details
CWE
CWE-79
Status
published
Products (6)
sap/netweaver
3.0
sap/netweaver
7.0
sap/netweaver
7.01
sap/netweaver
7.02
sap/netweaver
7.10
sap/netweaver
7.11
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026