SAP.CFolders.XSS

description-logoDescription

This indicates an attack attempt against a Cross Site Scripting vulnerability in SAP cFolders.
The vulnerability is a result of the user input filter's failure to properly sanitize the "p_current_role" parameter that is passed to "col_table_filter.htm". An attacker may include javascript code by supplying an injection string through the URL.

affected-products-logoAffected Products

SAP cFolders

Impact logoImpact

Information Disclosure.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for a suggested workaround.
https://websmp230.sap-ag.de/sap/support/notes/1284360

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)