CVE-2010-2904

EUVD-2010-2908
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
sapsystem_landscape_directory
6.4
sapsystem_landscape_directory
7.0
sapsystem_landscape_directory
7.02
sapnetweaver
*
sapnetweaver
6.4
sapnetweaver
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dsecrg.com/pages/vul/show.php?id=168
http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt
http://secunia.com/advisories/40712
http://www.osvdb.org/66639
http://www.osvdb.org/66640
http://www.vupen.com/english/advisories/2010/1935
https://exchange.xforce.ibmcloud.com/vulnerabilities/60668
https://service.sap.com/sap/support/notes/1416047
http://dsecrg.com/pages/vul/show.php?id=168
http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt
http://secunia.com/advisories/40712
http://www.osvdb.org/66639
http://www.osvdb.org/66640
http://www.vupen.com/english/advisories/2010/1935
https://exchange.xforce.ibmcloud.com/vulnerabilities/60668
https://service.sap.com/sap/support/notes/1416047