SAP Knowledge Base Article - Preview

1717021 - Cross Site Scripting vulnerability - /PlatformServices/ URL


  • By using an interception proxy (BURP Suite), it was possible to exploit each of these reflected cross-site scripting ..vulnerabilities.
  • The vulnerabilities were demonstrated by generating a pop-up window containing a number.
  • Due to the ..being nature of the pop-up it was chosen rather than a more malicious exploitation of the vulnerability.
  • All vulnerabilities existed within POST requests, thus it was not possible to simply provide a URL as a Proof-of-Concept.
  • An interception proxy will be needed in order to replicate these findings.



SAP BusinessObjects XI 3.1


SAP BusinessObjects Enterprise XI 3.1


ADAPT 01468769 1468769 Business Objects Intelligence XSS Cross Site Scripting , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Bug Filed

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.