exploitDog

GHSA-q29j-2qwc-gprj

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

Ссылки

EPSS

Процентиль: 95%

0.16456

Средний

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2008-2123

nvd

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

EPSS

Процентиль: 95%

0.16456

Средний

CVE ID

Дефекты

CWE-79