CVE-2011-5260
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
12/02/2013
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dsecrg.com/pages/vul/show.php?id=337
- http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4
- http://www.securityfocus.com/archive/1/520555/100/0/threaded
- https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/
- http://dsecrg.com/pages/vul/show.php?id=337
- http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4
- http://www.securityfocus.com/archive/1/520555/100/0/threaded
- https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/