| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note 9779
SAP NetWeaver: Cross Site Scripting of Web Services Navigator
Synthesis of the vulnerability
| An attacker can generate a Cross Site Scripting in SAP J2EE Web Services Navigator, in order to execute script in the web context of a user visiting the site. |
Severity: 2/4.
Creation date: 21/07/2010.
Revision date: 23/07/2010.
|
Description of the vulnerability
The SAP NetWeaver platform is based on the SAP J2EE engine. The Web Services Navigator (wsnavigator ) interface provides the interaction between J2EE Web Services.
The "title" parameter of the /wsnavigator/jsps/explorer/help.jsp page is not correctly filtered. A Cross Site Scripting then impacts the SAP_JTECHS component of Web Services Navigator.
An attacker can therefore generate a Cross Site Scripting in SAP J2EE Web Services Navigator, in order to execute script in the web context of a user visiting the site. |
Complete Vigil@nce bulletin
Characteristics
Title: SAP NetWeaver: Cross Site Scripting of Web Services Navigator.
Keywords: Cross J2EE Navigator NetWeaver SAP SAP_JTECHS Scripting Services Site Web.
Identifiers: 1169248, BID-41805, BID-41925, DSECRG-09-040, ONAPSIS-00002, ONAPSIS-2010-006, VIGILANCE-VUL-9779.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service
|
