Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1626650-4)
Описание
ReasonThe Environmental Compliance Reporting provides a tab which shows the reports as an HTML page. This feature has been introduced to allow the user to send the link of the HTML page via email. When the HTML page is generated, the EC application does not check the HTML content regarding cross site scripting security vulnerability.
Как исправить
This security gap is fixed within the following releases:- EC 3.0 SP11 Patch 1 and later releasesThe security issue has been fixed. The data which is used for the HTML page generation is now checked and modified to avoid cross site scripting attacks.Please see also SAP Note 1139005 regarding to the release dates of the patch levels.
Ссылки