CVE-2008-1846

The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver:*:sp8:*:*:*:*:*:*

Information

Published : 2008-04-16 10:05

Updated : 2018-10-11 13:37


NVD link : CVE-2008-1846

Mitre link : CVE-2008-1846


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

sap

  • netweaver