A cross site scripting vulnerability has been uncovered in SAP Internet Transaction Server Versions 6.1 and 6.2. This allows an attacker to submit a crafted link to users of the vulnerable Web application in order to abuse their trust and steal their authentication credentials or hijack their sessions when the targeted web site contains a login page.
21560d98151152cddf7bbc4f211e0b09df59e16cdf7101d1ea4efa6bfd7420ea