[ERPSCAN-12-010] SAP TesContainerAdmin service – Stored XSS

Application: SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms)
Vendor URL:
Bugs: Multiple Stored XSS
Risk: High
Exploits: YES
Reported: 13.05.2011
Vendor response: 14.05.2011
Date of Public Advisory: 20.01.2012
Reference: SAP Security Note 1591749

SAP NetWeaver contains a stored XSS vulnerability in its Text Container Administration Application.

Business Risk
A legitimate SAP user can insert a malicious script into SAP and gain unauthorized access to the workstation of any user who opens the link.