PT-2008-3638 · Sap · Sap Internet Transaction Server+1

Published: 2008-05-09 · Updated: 2017-08-08 · CVE-2008-2123

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP Internet Transaction Server (ITS) version 6.20

Description

A cross-site scripting (XSS) issue exists that allows remote attackers to inject arbitrary web script or HTML. The injection is possible through a "<>" sequence in the ~service parameter to wgate.dll, or via JavaScript splicing in the query string.

Recommendations

For SAP Internet Transaction Server (ITS) version 6.20, consider restricting access to the wgate.dll module to minimize the risk of exploitation. Avoid using the ~service parameter with untrusted input until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-2123

Affected Products

Sap Internet Transaction Server
Wgate.Dll