CVE-2019-0316

MEDIUM Year: 2019
CVSS v3 Score
4.8
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.

Related Vulnerabilities

CVE-2004-1865

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...

CWE-792004

CVE-2010-2472

MEDIUM
CVSS:4.8(Medium)

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...

CWE-792010

CVE-2011-3352

MEDIUM
CVSS:4.8(Medium)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...

CWE-792011

CVE-2012-1637

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

CWE-792012

CVE-2012-1932

MEDIUM
CVSS:4.8(Medium)

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.

CWE-792012

CVE-2012-2078

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

CWE-792012