Affected configuration(s):
cpe:/a:sap:netweaver:-
cpe:/a:sap:netweaver_exchange_infrastructure_%28bc-xi%29:-
Date published: 2014-02-14T10:55:07.563-05:00
Date last modified: 2017-08-28T21:34:28.780-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Complexity: MEDIUM
Reference URL: http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/
Summary: Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.