Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP Internet Transaction Server跨站脚本执行漏洞
Vulnerability Description
SAP Internet Transaction Server (ITS)是一款基于Internet的事务服务程序。 SAO ITS服务器包含的'wgate.dll'组件存在跨站脚本执行攻击,远程攻击者可以利用这个漏洞获得用户基于验证的Cookie信息。 由于wgate.dll对用户提交给"service"参数缺少充分过滤,远程攻击者构建包含恶意脚本的数据给这个参数,并诱使用户访问这个链接,可导致恶意脚本在用户浏览器上执行,使用户基于验证的Cookie信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A