Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-07T19:00:00

Updated: 2024-08-06T00:10:31.931Z

Reserved: 2016-04-07T00:00:00

Link: CVE-2016-3975

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2016-04-07T19:59:06.087

Modified: 2021-04-20T18:58:12.380

Link: CVE-2016-3975

cve-icon Redhat

No data.