You are using transaction BBP_POC (Create Purchase Order). On the initial screen, you choose the “Create” button. In the “Purchase Order Name” field, you then enter “…”…” (that is, a double quotation mark), for example. After you trigger any action in this transaction, the text disappears behind the double quotation mark. This may be used for cross-site scripting.
Available fix and Supported packages
- SRM_SERVER | 500 | 500
- SRM_SERVER | 550 | 550
- SRM_SERVER 500 | SAPKIBKS15 |
- SRM_SERVER 550 | SAPKIBKT14 |
ITS and Web files
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.