Back to search
CVE-2007-3496
Published: Jun 29, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.csnc.ch/advisory/sap01.html
x_refsource_MISC
2850
third-party-advisory
x_refsource_SREASON
20070627 SAP Web Dynpro Java (BC-WD-JAV) Vulnerability
mailing-list
x_refsource_BUGTRAQ
25866
third-party-advisory
x_refsource_SECUNIA
ADV-2007-2381
vdb-entry
x_refsource_VUPEN
37748
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now