Description
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67995
Exploit x_refsource_misc
http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1932505
Scores
EPSS
0.0036
EPSS Percentile
58.2%
Details
CWE
CWE-79
Status
published
Products (1)
sap/netweaver_business_client
Published
Jun 13, 2014
Tracked Since
Feb 18, 2026