Cross-Site Scripting Vulnerability in SAP Supplier Relationship Management
CVE-2014-4161

Currently unrated

Key Information:

Vendor: SAP
Status: Supplier Relationship Management
Vendor: CVE Published:; 13 June 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the la/umTestSSO.jsp component of SAP Supplier Relationship Management. This issue allows remote attackers to inject arbitrary web scripts or HTML into pages via manipulation of the url parameter. When exploited, this vulnerability can lead to unauthorized actions carried out in the context of the user's session, compromising user data and system integrity.

References

http://secunia.com/advisories/58889

third-party-advisoryx_refsource_SECUNIA

https://service.sap.com/sap/support/notes/1946420

x_refsource_CONFIRM

http://blog.emaze.net/2014/05/sap-multiple-vulnerabilitie...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 13, 2014