Vulnerability Details CVE-2015-6663
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/134508/SAP-Afaria-7-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Nov/95
- http://www.securityfocus.com/archive/1/536956/100/0/threaded
- https://erpscan.io/advisories/erpscan-15-019-sap-afaria-stored-xss/
- http://packetstormsecurity.com/files/134508/SAP-Afaria-7-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Nov/95
- http://www.securityfocus.com/archive/1/536956/100/0/threaded
- https://erpscan.io/advisories/erpscan-15-019-sap-afaria-stored-xss/