CVE-2018-17861

Publication date

2021-08-09 18:30:35

Family

mitre

State

PUBLISHED

Description

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer