Description
In general all Web servers that accept input parameters via http request, dynamically generate html pages based on these inputs and then return this dynamically generated content as response to the client(browser), are potentially vulnerable to “Cross Site Scripting” attacks.
The XML Forms fall into that category, as some of the input parameters of the http requests are vulnerable to XSS.
Available fix and Supported packages
- KMC-CM | 7.00 | 7.00
- EP-CM | 6.0_640 | 6.0_640
- CM+COLLABORATION 6.0_640 | SP022 | 000003
- CM+COLLABORATION 6.0_640 | SP023 | 000003
- CM+COLLABORATION 6.0_640 | SP025 | 000004
- CM+COLLABORATION 6.0_640 | SP026 | 000004
- CM+COLLABORATION 6.0_640 | SP027 | 000000
Affected component
- EP-KM-CM
Content Management
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1141070
