Vulnerabilities > SAP > Netweaver > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-21 | CVE-2009-2932 | Cross-Site Scripting vulnerability in SAP Netweaver 7.0 Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | 4.3 |
| 2008-04-16 | CVE-2008-1846 | Cross-Site Scripting vulnerability in SAP Netweaver 7.0 The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | 4.3 |