Description
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.
References (4)
Core 4
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/130519/SAP-HANA-Web-based-Development-Workbench-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534747/100/0/threaded
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Feb/91
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72773
Scores
EPSS
0.0026
EPSS Percentile
48.9%
Details
CWE
CWE-79
Status
published
Products (2)
sap/hana
1.00.73.00.389160
sap/hana
1.00.80.00.391861
Published
Feb 27, 2015
Tracked Since
Feb 18, 2026