Details of VAR-E-200805-0249

ID

VAR-E-200805-0249

CVE

cve_id:

CVE-2008-2421

Trust: 1.9

sources: BID: 29317 // EXPLOIT-DB: 31816 // EDBNET: 53381

EDB ID

31816

TITLE

SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting - Java webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 31816

DESCRIPTION

SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting. CVE-2008-2421CVE-45649 . webapps exploit for Java platform

Trust: 0.6

sources: EXPLOIT-DB: 31816

AFFECTED PRODUCTS

vendor:

sap

model:

web application server

scope:

version:

7.0

Trust: 1.9

sources: BID: 29317 // EXPLOIT-DB: 31816 // EDBNET: 53381

EXPLOIT

source: https://www.securityfocus.com/bid/29317/info

SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SAP Web Application Server 7.0 is vulnerable; other versions may also be affected.

http://www.example.com/sap/bc/gui/sap/its/webgui/aaaaaaa"><img/src=javascript:alert('DSECRG_XSS')>

Trust: 1.0

sources: EXPLOIT-DB: 31816

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 31816

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 31816

TYPE

'/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 31816

CREDITS

DSecRG

Trust: 0.6

sources: EXPLOIT-DB: 31816

EXTERNAL IDS

db:	EXPLOIT-DB	id:	31816	Trust: 1.9
db:	NVD	id:	CVE-2008-2421	Trust: 1.9
db:	BID	id:	29317	Trust: 1.9
db:	EDBNET	id:	53381	Trust: 0.6

sources: BID: 29317 // EXPLOIT-DB: 31816 // EDBNET: 53381

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-2421	Trust: 1.6
url:	https://www.securityfocus.com/bid/29317/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/31816/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/31816	Trust: 0.3
url:	http://www.sap.com	Trust: 0.3

sources: BID: 29317 // EXPLOIT-DB: 31816 // EDBNET: 53381

SOURCES

db:	BID	id:	29317
db:	EXPLOIT-DB	id:	31816
db:	EDBNET	id:	53381

LAST UPDATE DATE

2022-07-27T09:57:34.924000+00:00

SOURCES UPDATE DATE

db:

BID

id:

29317

date:

2015-05-07T17:28:00

SOURCES RELEASE DATE

db:	BID	id:	29317	date:	2008-05-21T00:00:00
db:	EXPLOIT-DB	id:	31816	date:	2008-05-21T00:00:00
db:	EDBNET	id:	53381	date:	2008-05-21T00:00:00