Skip links
RedRays
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

J2EE engine filter to check for XSS input, SAP security note 1262675

Description

You are using SAP CRM WebChannel or SAP E-Commerce and you want to add an additional possiblity to avoid Cross Site Scripting (XSS).

Available fix and Supported packages

  • SAP-CRMISA | 4.0 | 4.0
  • SAP-CRMISA | 4.0_640 | 4.0_640
  • SAP-CRMJAV | 5.0 | 5.0
  • SAP-CRMJAV | 5.2 | 5.2
  • SAP-CRMJAV | 6.0 | 6.0
  • SAP-CRMWEB | 5.0 | 5.0
  • SAP-CRMWEB | 5.1 | 5.1
  • SAP-CRMWEB | 5.2 | 5.2
  • SAP-CRMWEB | 6.0 | 6.0
  • SAP-SHRWEB | 5.0 | 5.0
  • SAP-SHRWEB | 5.2 | 5.2
  • SAP-SHRWEB | 6.0 | 6.0
  • SAP-SHRJAV | 5.0 | 5.0
  • SAP-SHRJAV | 5.2 | 5.2
  • SAP-SHRJAV | 6.0 | 6.0
  • SAP-CRMAPP | 5.0 | 5.0
  • SAP-CRMAPP | 5.2 | 5.2
  • SAP-CRMAPP | 6.0 | 6.0
  • SAP-SHRAPP | 5.0 | 5.0
  • SAP-SHRAPP | 5.2 | 5.2
  • SAP-SHRAPP | 6.0 | 6.0

Affected component

    CRM-ISA
    Internet Sales

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1262675

TAGS

#isa
#Internet-Sales
#ECo
#E-Commerce
#E-Commerce
#WebChannel
#WebChannel
#CRM
#ERP
#r3
#r\3
#r/3
#ECC
#b2b
#Business-to-Business
#Business-to-Business
#b2c
#Business-to-Customer
#Business-to-Customer
#isauseradm
#isauseradmin
#isa-useradm
#isa-useradmin
#useradmin
#useradmin
#shopadmin
#shop-admin
#XSS
#X-SS

More to explorer