Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security XSS vulnerability in ITS 6.20, SAP security note 1385621

Description

ITS 6.20 contains a cross-site scripting (XSS) vulnerability on the login page. If you select a service name that contains specially encoded characters instead of the service name such as WEBGUI, the JavaScript code that is contained in this can be executed in the context of the login page.

Credits to Erwin Paternotte, Fox-IT BV (https://www.fox-it.com) who reported this issue to SAP.

Available fix and Supported packages

  • BC-FES-ITS | 620 | 620
  • SAP ITS 6.20 | SP035 | 000035

Affected component

    BC-FES-ITS
    SAP Internet Transaction Server

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1385621

TAGS

#XSS
#Cross-Site-Scripting
#security

More to explorer