SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
BID:58155
Info
SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 58155 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-7365 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Apr 28 2014 12:42AM |
| Credit: | Jordan Santarsieri |
| Vulnerable: |
SAP Enterprise Portal 0 |
| Not Vulnerable: | |
Discussion
SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
SAP Enterprise Portal is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SAP Enterprise Portal is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting user to visit a specially crafted URL.
An attacker can exploit these issues by enticing an unsuspecting user to visit a specially crafted URL.
Solution / Fix
SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
SAP Enterprise Portal Multiple Unspecified Cross Site Scripting Vulnerabilities
References:
References: