Cross site scripting

2019-10-0820:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

CPENameOperatorVersion
financial_consolidationeq10.0
financial_consolidationeq10.1

CPE	Name	Operator	Version
	financial_consolidation	eq	10.0
	financial_consolidation	eq	10.1

References

launchpad.support.sap.com/

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050