Vulnerabilities > SAP > Internet Transaction Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-24 CVE-2018-11415 Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs.
network
sap CWE-79
4.3
2008-05-09 CVE-2008-2123 Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6200.1017.50954.0Build730827
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
network
sap CWE-79
4.3
2006-10-03 CVE-2006-5114 Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6.1/6.2
Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
network
sap
6.8
2004-04-15 CVE-2003-1038 Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
network
low complexity
sap
5.0
2003-10-20 CVE-2003-0749 Cross-Site Scripting vulnerability in SAP Internet Transaction Server 4620.2.0.323011
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
network
sap
6.8
2003-10-20 CVE-2003-0748 Directory Traversal File Disclosure vulnerability in SAP Internet Transaction Server 4620.2.0.323011
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
network
low complexity
sap
5.0
2003-10-20 CVE-2003-0747 Information Disclosure vulnerability in SAP Internet Transaction Server 4620.2.0.323011
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
network
low complexity
sap
5.0