• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1626650 - Cross site scripting adaption of EC 30 pivot query HTML view

Главная Специалистам База уязвимостей Note 1626650 - Cross site scripting adaption of EC 30 pivot query HTML view

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1626650-4)
Описание
ReasonThe Environmental Compliance Reporting provides a tab which shows the  reports as an HTML page. This feature has been introduced to allow the  user to send the link of the HTML page via email. When the HTML page is  generated, the EC application does not check the HTML content regarding cross site scripting security vulnerability.
Как исправить
This security gap is fixed within the following releases:- EC 3.0 SP11 Patch 1 and later releasesThe security issue has been fixed. The data which is used for the HTML page generation is now checked and modified to avoid cross site scripting attacks.Please see also SAP Note 1139005 regarding to the release dates of the patch levels.
Ссылки