OSVDB ID: 100152

Title: SAP Target Groups (CRM-MKT-SEG-TGR) Component Unspecified Reflected XSS

Info

Disclosure

May 08, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 08, 2012

Description

SAP Target Groups (CRM-MKT-SEG-TGR) component contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate unspecified input before returning it to users. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. It is advised for users seeking fixes to access the referenced SAP note vendor solution in the references to do so.

Products

SAP AG

Target Groups (CRM-MKT-SEG-TGR)

Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/100152