CVE-2014-4161

SAP SRM - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References (4)

[Various Sources] http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html

[Various Sources] http://scn.sap.com/docs/DOC-8218

[Various Sources] https://service.sap.com/sap/support/notes/1946420

[Third Party Advisory] http://secunia.com/advisories/58889

Scores

EPSS 0.0029

EPSS Percentile 51.7%

Details

CWE

CWE-79

Status published

Products (2)

sap/supplier_relationship_management

n/a/n/a

Published Jun 13, 2014

Tracked Since Feb 18, 2026