Symptom
XSS in datastore.Describe("DataWindow.Data.HTML") issue. User can enter a malicious script in an edit box on html page generated by DataWindow.Data.HTML.
Customer is using this web datawindow in EAServer and claims it is a security issue and should be addressed.
Read more...
Environment
- SAP PowerBuilder 12.6
- Sybase EAServer 6.3.1
Product
SAP PowerBuilder 12.6 ; Sybase EAServer 6.3
Keywords
cr793116, cr 793116, HTML DW , KBA , BC-SYB-PB , PowerBuilder , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.