[ERPSCAN-12-010] SAP TesContainerAdmin service – Stored XSS
Application: SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms)
Vendor URL: http://sap.com
Bugs: Multiple Stored XSS
Vendor response: 14.05.2011
Date of Public Advisory: 20.01.2012
Reference: SAP Security Note 1591749
SAP NetWeaver contains a stored XSS vulnerability in its Text Container Administration application.
A legitimate SAP user can insert a malicious script into SAP and gain unauthorized access to the workstation of any user who opens the link.