Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Date of Public Advisory: 11.11.2011
Author: Dmitriy Chastuchin
SAP GUI BAPI Explorer contains a stored XSS vulnerability that can be used for unauthorized code execution on the server side.
A legitimate SAP user can insert a malicious script into transaction code that can run any function without authorisation or gain access to the OS.