Unrated severityNVD Advisory· Published Feb 12, 2013· Updated Apr 29, 2026
CVE-2011-5260
CVE-2011-5260
Description
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Affected products
8cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.