SAP cFolders Cross Site Scripting And HTML Injection Vulnerabilities

ID SSV:86205
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


SAP cFolders is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

The following example URIs are available:

<IMG/SRC=JaVaScRiPt:alert('DSECRG')>
aaaaaaaa<IMG/SRC=JaVaScRiPt:alert('DSECRG')>
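The payload above relies on three things a naive filter misses: the tag name is separated from its attribute by a slash rather than whitespace, the scheme is mixed-case, and the whole thing arrives percent-encoded. The following is an added example, not code from the advisory or from SAP, showing a server-side allowlist for IMG SRC values alongside a detection check that flags such requests in access logs; the request path and parameter name are constructed.

```python
import html
import re
from typing import Optional
from urllib.parse import unquote

ALLOWED_SCHEMES = {"http", "https"}          # allowlist: everything else is rejected
# Whitespace and control characters that browsers ignore inside a URL scheme.
_IGNORED = re.compile(r"[\x00-\x20]")
# The payload form <IMG/SRC=JaVaScRiPt:...>: a slash may stand in for whitespace
# between the tag name and its attribute, and the scheme may be in any case.
_IMG_SCRIPT_SRC = re.compile(
    r"<\s*img[\s/][^>]*?src\s*=\s*[\"']?\s*(?:javascript|vbscript|data)\s*:", re.I)

def decode(value: str) -> str:
    """Percent-decode twice so double-encoded input is inspected in its final form."""
    for _ in range(2):
        value = unquote(value)
    return value

def safe_image_src(value: str) -> Optional[str]:
    """Server-side fix: accept relative paths and http(s) URLs only, and return the
    value attribute-encoded for insertion into IMG SRC. None means drop the input."""
    norm = _IGNORED.sub("", decode(value)).casefold()
    scheme = re.match(r"^([a-z][a-z0-9+.\-]*):", norm)
    if scheme and scheme.group(1) not in ALLOWED_SCHEMES:
        return None
    return html.escape(value, quote=True)

def flag_request(request_line: str) -> bool:
    """Detection side: true when a request carries an IMG tag whose SRC uses a
    script-capable scheme, after undoing the URL encoding a proxy log preserves."""
    return _IMG_SCRIPT_SRC.search(decode(request_line)) is not None

def scan(request_lines):
    """Indices of the request lines that match."""
    return [i for i, line in enumerate(request_lines) if flag_request(line)]

# Constructed sample request lines (the path and parameter name are made up).
SAMPLE_REQUESTS = [
    "GET /cfolders/search?q=report+2014",
    "GET /cfolders/search?q=%3CIMG%2FSRC%3DJaVaScRiPt%3Aalert%28%27DSECRG%27%29%3E",
    "GET /cfolders/search?q=aaaa%253CIMG%252FSRC%253Djavascript%253Aalert(1)%253E",
]

if __name__ == "__main__":
    print("flagged:", scan(SAMPLE_REQUESTS))                    # [1, 2]
    print(safe_image_src("JaVaScRiPt:alert('DSECRG')"))        # None
    print(safe_image_src("/images/logo.png"))                   # /images/logo.png
```

The third sample is double-encoded, which is why the decoder runs twice; the regex still does not catch every obfuscation (for example whitespace inserted inside the scheme), so the allowlist in safe_image_src is the actual fix and the detector is only a log-side signal.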