virus logo Dynamic Application Security Testing

CVE-2016-3975 SAP NetWeaver AS Java NavigationURLTester – XSS vulnerability

Impact logoDescription

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.

References

Version Updates

Date Version Status Detail
2024-10-17 24.10000
New
 Cross-site scripting vulnerability in SAP NetWeaver AS Java allows remote attackers to inject malicious scripts.
ID 13
CVE ID
Category web
Sub Category sap
Date Sep 18, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Alias cross site scripting
Type OWASP injection
CVSS 6.1
Author Fortinet