ふむぅ、NetWeaverのFeedbacksにクロスサイトスクリプティングの脆弱性だそうです。

Description: SAP Netweaver have a web interface for accesing filesystem of the portal, users can make "feedbacks" of
files, input passed to the content of these feedbacks is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site