Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

WS Navigator help page can be misused for XSS, SAP security note 1372831

Description

The Web Services Navigator help page can be misused for cross-site scripting (XSS).

Available fix and Supported packages

  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.02
  • SAP_JTECHS | 6.40 | 6.40
  • SAP_JTECHS | 7.00 | 7.02
  • SAP JAVA TECH SERVICES 6.40 | SP025 | 000000
  • SAP JAVA TECH SERVICES 7.00 | SP019 | 000003
  • SAP JAVA TECH SERVICES 7.00 | SP020 | 000001
  • SAP JAVA TECH SERVICES 7.00 | SP021 | 000000
  • SAP JAVA TECH SERVICES 7.01 | SP005 | 000001
  • SAP JAVA TECH SERVICES 7.01 | SP006 | 000000
  • SAP JAVA TECH SERVICES 7.02 | SP002 | 000000

Affected component

    BC-ESI-WS-JAV-CFG
    Configuration

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1372831

TAGS

#Security-Update
#Cross-Site-Scripting
#Attack
#Web-Services-Navigator
#XSS
#CSS

More to explorer