Описание
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
Уязвимость компонента eProcurement программного средства управления финансами SAP S/4HANA Finance, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS
6.1 Medium
CVSS3