CVE-2014-9569
SAP NetWeaver Business Client for HTML 3.0 - Cross-Site Scripting via Title or Roundtrips Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62017
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-14-005
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031509
Scores
EPSS
0.0025
EPSS Percentile
48.8%
Details
CWE
CWE-79
Status
published
Products (1)
sap/netweaver_business_client_for_html
3.0
Published
Jan 07, 2015
Tracked Since
Feb 18, 2026