Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1475605-4)
SAP Support Packages
(SAPK-70102INSRMSRV)
Описание
Pages or API interface within the LAC application do not sufficiently encode [INPUT | OUTPUT] parameters, resulting in a reflected cross-site scripting issue.
A reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content from a web site.
This is a program error. The error is caused due to missing validation and missing encoding of the user's input into the application thereby allowing entry of JAVAScript commands into the input fields.
A reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content from a web site.
This is a program error. The error is caused due to missing validation and missing encoding of the user's input into the application thereby allowing entry of JAVAScript commands into the input fields.
Как исправить
Solution Details:
The HTML encoding of fields at input prevents the system from executing HTML and Java script in the browser. This way, user inputs (containing HTML or Java script) are effectively prevented from causing an unwanted or security-critical response.
The HTML encoding of fields at input prevents the system from executing HTML and Java script in the browser. This way, user inputs (containing HTML or Java script) are effectively prevented from causing an unwanted or security-critical response.
Ссылки