Vigil@nce - SAP NetWeaver: Cross Site Scripting of Performance Provider
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting in SAP NetWeaver
Performance Provider, in order to execute JavaScript code in the
context of the web server.
Impacted products: SAP ERP, NetWeaver
Severity: 2/4
Creation date: 12/03/2013
Revision date: 20/03/2013
DESCRIPTION OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting in SAP NetWeaver
Performance Provider, in order to execute JavaScript code in the
context of the web server.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SAP-NetWeaver-Cross-Site-Scripting-of-Performance-Provider-12506