CVE-2015-7726
SAP HANA - Authenticated Cross-Site Scripting via Role Deletion in Web-based Development Workbench
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-hana-xss-role-deletion-through-web-based-workbench
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Sep/114
Various Sources x_refsource_misc
https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
Scores
EPSS
0.0018
EPSS Percentile
39.0%
Details
CWE
CWE-79
Status
published
Products (1)
sap/hana
1.00.091.00
Published
Oct 15, 2015
Tracked Since
Feb 18, 2026