CVE-2015-6663
SAP Afaria 7 - Stored Cross-Site Scripting via Client Name Data
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/134508/SAP-Afaria-7-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536956/100/0/threaded
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-019-sap-afaria-stored-xss/
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Nov/95
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (1)
sap/afaria
7.0
Published
Aug 24, 2015
Tracked Since
Feb 18, 2026