exploitDog

GHSA-4463-78qq-629x

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

EPSS

Процентиль: 64%

0.00467

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-17861

CVSS3: 6.1

nvd

больше 4 лет назад

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

EPSS

Процентиль: 64%

0.00467

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79