Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
References
Configurations
History
21 Nov 2024, 02:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2015/Sep/114 - | |
References | () https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition - | |
References | () https://www.onapsis.com/research/security-advisories/sap-hana-xss-role-deletion-through-web-based-workbench - |
Information
Published : 2015-10-15 20:59
Updated : 2024-11-21 02:37
NVD link : CVE-2015-7726
Mitre link : CVE-2015-7726
CVE.ORG link : CVE-2015-7726
JSON object : View
Products Affected
sap
- hana
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')