Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security XSS vulnerability in ITS 6.20, SAP security note 1385621


ITS 6.20 contains a cross-site scripting (XSS) vulnerability on the login page. If you select a service name that contains specially encoded characters instead of the service name such as WEBGUI, the JavaScript code that is contained in this can be executed in the context of the login page.

Credits to Erwin Paternotte, Fox-IT BV ( who reported this issue to SAP.

Available fix and Supported packages

  • BC-FES-ITS | 620 | 620
  • SAP ITS 6.20 | SP035 | 000035

Affected component

    SAP Internet Transaction Server


Score: 0


Exploit is not available.
For detailed information please contact the mail [email protected].




More to explorer