Unrated severityNVD Advisory· Published Apr 16, 2008· Updated Jun 16, 2026
CVE-2008-1846
CVE-2008-1846
Description
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
Affected products
2Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.