CVE-2008-2123 – SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2123

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WGate para SAP Internet Transaction Server (ITS)versión 6.20 inyectar secuencias de comandos web o HTML de su elección mediante (1) una secuencia "<>" en el parámetro ~service de wgate.dll, o (2) enlazando código Javacript en la cadena de consulta, siendo un vector diferente que CVE-2006-5114. • https://www.exploit-db.com/exploits/31755 https://www.exploit-db.com/exploits/31754 http://secunia.com/advisories/30128 http://www.portcullis-security.com/275.php http://www.securityfocus.com/bid/29103 http://www.securitytracker.com/id?1019998 http://www.vupen.com/english/advisories/2008/1466/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •