Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Some Fields are susceptible to Cross-site scripting., SAP security note 1334244

Description

You create a shopping cart and specify Item description having javascript content. Now if your SC has error, then the error message content would be wrongly display and the behaviour would be that of how the item description javascript is executed.

Available fix and Supported packages

  • SRM_SERVER | 500 | 500
  • SRM_SERVER 500 | SAPKIBKS15 |

Affected component

    SRM-EBP-TEC-ITS
    ITS and Web files

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1334244

TAGS

#BBPSC01
#BBPSC02
#Description
#XSS
#cross-site-scripting
#Attachment

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.