SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
financial_consolidation | eq | 10.0 | |
financial_consolidation | eq | 10.1 |