Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.
References 8 Total
- seclists.org: 20141008 [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities mailing-list
- securityfocus.com: 20141008 [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities mailing-list
- https://service.sap.com/sap/support/notes/2009696
- securityfocus.com: 70307 vdb-entry
- http://packetstormsecurity.com/files/128598/SAP-HANA-Reflective-Cross-Site-Scripting.html
- http://scn.sap.com/docs/DOC-55451
- exchange.xforce.ibmcloud.com: sap-hana--multiple-xss(96878) vdb-entry
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-027
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- seclists.org: 20141008 [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities mailing-listx_transferred
- securityfocus.com: 20141008 [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities mailing-listx_transferred
- https://service.sap.com/sap/support/notes/2009696 x_transferred
- securityfocus.com: 70307 vdb-entryx_transferred
- http://packetstormsecurity.com/files/128598/SAP-HANA-Reflective-Cross-Site-Scripting.html x_transferred
- http://scn.sap.com/docs/DOC-55451 x_transferred
- exchange.xforce.ibmcloud.com: sap-hana--multiple-xss(96878) vdb-entryx_transferred
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-027 x_transferred