CVE-2008-1846

The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
Configurations

Configuration 1

cpe:2.3:a:sap:netweaver:*:sp8:*:*:*:*:*:*

Information

Published : 2008-04-16 05:05

Updated : 2018-10-11 08:37


NVD link : CVE-2008-1846

Mitre link : CVE-2008-1846

Products Affected
No products.
CWE