Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
BSP 跨站脚本漏洞
Vulnerability Description
SAP BSP是德国思爱普(SAP)公司的一个完整的功能应用程序。 BSP application (CRM_BSP_FRAME) 700版本、701版本、702版本、731版本、740版本、750版本、751版本、752版本、75C版本、75D版本、75E版本、75F版本、75G版本、75H版本存在跨站脚本漏洞,该漏洞源于没有对用户的输入进行检查。攻击者利用该漏洞可以劫持用户会话,读取和修改一些敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A