NVD

Id
2337  
Name
CVE-2008-2421  
Description
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-05-23  
Modified Date
2011-03-07  
Seq
2008-2421  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
15007 2337 CVE-2008-2421 20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability  View
15008 2337 CVE-2008-2421 29317  View
15009 2337 CVE-2008-2421 1020097  View
15010 2337 CVE-2008-2421 ADV-2008-1599  View
15011 2337 CVE-2008-2421 sap-sapbcguisapitswebgui-xss(42724)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50521 JVNDB-2008-005831 SAP WAS などの Web GUI におけるクロスサイトスクリプティングの脆弱性 SAP Web Application Server (WAS)、Web Dynpro for ABAP および Web Dynpro for BSP の Web GUI には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-2421 32534 CVE-2008-2421 2337 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005831.html 2008-05-23 2012-12-20 View