CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2016-3975 – SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-3975
07 Apr 2016 — Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. Vulnerabilidad de XSS en SAP NetWeaver AS Java 7.1 hasta la versión 7.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro navigationT... • https://packetstorm.news/files/id/137529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 7CVE-2016-2388 – SAP NetWeaver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-2388
16 Feb 2016 — The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. El Universal Worklist Configuration en SAP NetWeaver AS JAVA 7.4 permite a los atacantes remotos obtener información sensible de los usuarios a través de una solicitud HTTP manipulada, también conocida como SAP Security Note 2256846 SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerab... • https://packetstorm.news/files/id/145860 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •