Symptom
While processing a purchase order response in SUS, you can enter text that is interpreted and executed as a script. For example:
XXX<>"'YYY</textarea><script>alert(23)</script><textarea>
After the document is saved, this script triggers a popup each time the PO is accessed. In the same way, a malicious script could be entered, which could cause security issues when executed.
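The following is an added example, not SAP code and not part of the original article: a regression check that renders the payload quoted above into a textarea with and without HTML output encoding, then parses the result to see whether the text stayed inside the field. The function names are hypothetical, and generic HTML encoding stands in for whatever mechanism SUS uses.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the Symptom text above.
PAYLOAD = "XXX<>\"'YYY</textarea><script>alert(23)</script><textarea>"

def render_unsafe(long_text):
    # Stored text written into the page as-is (the behaviour described above).
    return '<textarea name="longtext">' + long_text + "</textarea>"

def render_encoded(long_text):
    # Stored text HTML-encoded before it is written into the textarea.
    return ('<textarea name="longtext">'
            + html.escape(long_text, quote=True) + "</textarea>")

class _Audit(HTMLParser):
    """Records every start tag and the text inside the first textarea."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.in_first = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "textarea":
            # Only the first textarea is the field under test.
            self.in_first = self.tags.count("textarea") == 1

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.in_first = False

    def handle_data(self, data):
        if self.in_first:
            self.text.append(data)

def audit(rendered, original):
    """Report whether the stored text escaped its field in the rendered HTML."""
    parser = _Audit()
    parser.feed(rendered)
    parser.close()
    return {
        "script_elements": parser.tags.count("script"),
        "textareas": parser.tags.count("textarea"),
        # True only if the field displays exactly what the user typed.
        "round_trips": "".join(parser.text) == original,
    }
```

A field that is encoded correctly reports no script elements, a single textarea, and a round trip of the original text; any other result means the stored text changed the page structure.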
Environment
- SAP Supplier Relationship Management (SRM) 7.0 and higher
- SAP enhancement package for SAP Supplier Relationship Management
- Supplier Self Services (SUS)
Product
SAP Supplier Relationship Management 7.0; SAP Supplier Relationship Management 7.0 on SAP enhancement package 1 for SAP NetWeaver 7.0; SAP enhancement package for SAP Supplier Relationship Management all versions
Keywords
cross site scripting, BBP_PDH_XSS_REPLACE, long text parsing, KBA, xss_replace_on, bbpc_xss_replace, SRM-SUS, Supplier Self-Services, Problem
About this page
This is a preview of an SAP Knowledge Base Article. The full version is on SAP for Me (login required).