Written by Digital Security Research Group [DSecRG]
Tuesday, 31 March 2009 22:39
SAP MaxDB 'webdbm' Multiple Cross Site Scripting Vulnerabilities
Class: Input Validation Error
Published: Mar 31 2009 12:00AM
Updated: Mar 31 2009 09:16PM
Credit: Digital Security Research Group [DSecRG]
Vulnerable:
SAP MaxDB 7.6.3 build 007
SAP MaxDB 7.6.03.15
SAP MaxDB 7.6.00.37
SAP MaxDB 126.96.36.199
SAP MaxDB 188.8.131.52
SAP MaxDB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
To exploit these issues, an attacker must entice an unsuspecting victim into following a
The following example URIs are available:
Reportedly, the vendor has released a replacement for the vulnerable process. Please contact
the vendor for details.
--SAP MaxDB Homepage
--[DSECRG-09-016] SAP SAPDB Multiple XSS
http://www.securityfocus.com/archive/1/50231 (Alexandr Polyakov <