Description

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim's browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap




MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-601: URL Redirection to Untrusted Site

Product status

Default status: unaffected

SAP_APPL: 618 (affected)

S4CORE: 102, 103, 104, 105, 106, 107, 108, 109 (all affected)

EA-APPL: 600, 602, 603, 604, 605, 606, 617 (all affected)

References

me.sap.com/notes/3678417

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24323)

nvd.nist.gov (CVE-2026-24323)
