RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

October 8, 2009
12:00 am

Cross-site scripting error in BBP_POC, SAP security note 1267878

Description

You are using transaction BBP_POC (Create Purchase Order). On the initial screen, you choose the “Create” button. In the “Purchase Order Name” field, you then enter “…”…” (that is, a double quotation mark), for example. After you trigger any action in this transaction, the text disappears behind the double quotation mark. This may be used for cross-site scripting.

Available fix and Supported packages

SRM_SERVER | 500 | 500
SRM_SERVER | 550 | 550
SRM_SERVER 500 | SAPKIBKS15 |
SRM_SERVER 550 | SAPKIBKT14 |

Affected component

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1267878

RedRays SAP Security Team

Cross-site scripting error in BBP_POC, SAP security note 1267878

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#XSS

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

RedRays and Cenobe Cybersecurity Announce Strategic Partnership

SAP Security Patch Day – July 2024

Announcement: In-Depth SAP Security Training at BlackHat MEA 2024

SAP Security Patch Day – June 2024