SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 | vendor advisory |
https://launchpad.support.sap.com/#/notes/2948239 | permissions required vendor advisory |