CVE-2015-2072 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs aka SAP Note 2069676.

Reference

http://packetstormsecurity.com/files/130519/SAP-HANA-Web-based-Development-Workbench-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Feb/91 http://www.securityfocus.com/archive/1/534747/100/0/threaded http://www.securityfocus.com/bid/72773