CVE-2014-9569

EUVD-2014-9383
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_business_client_for_html
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/62017
http://www.securitytracker.com/id/1031509
http://www.senseofsecurity.com.au/advisories/SOS-14-005
http://secunia.com/advisories/62017
http://www.securitytracker.com/id/1031509
http://www.senseofsecurity.com.au/advisories/SOS-14-005