2588281 - Vendavo application Security Vulnerability

Symptom

Vendavo application could be vulnerable to stored cross site scripting attacks that can be exploited by an authenticated user.

Affected Parameter:callback

** Vendavo are aware of the issue and have created JIRA VEN-44117

Environment

Vendavo Product	Version
SAP Price and Margin Management	< 8.3.0

Product

SAP Price and Margin Management 5.2 by Vendavo ; SAP Price and Margin Management 5.3 by Vendavo ; SAP Price and Margin Management 6.0 by Vendavo ; SAP Price and Margin Management 6.5 by Vendavo for SAP NetWeaver 2004 ; SAP Price and Margin Management 6.5 by Vendavo for SAP NetWeaver 7.0 ; SAP Price and Margin Management 6.5.1 by Vendavo for SAP NetWeaver 2004 ; SAP Price and Margin Management 6.5.1 by Vendavo for SAP NetWeaver 2004s ; SAP Price and Margin Management 6.7 by Vendavo ; SAP Price and Margin Management 7.0 by Vendavo ; SAP Price and Margin Management 7.1 by Vendavo ; SAP Price and Margin Management 7.5 by Vendavo ; SAP Price and Margin Management 7.6 by Vendavo ; SAP Price and Margin Management 8.0 by Vendavo ; SAP Price and Margin Management 8.1 by Vendavo ; SAP Price and Margin Management 8.2 by Vendavo

Keywords

Vendavo, scripting, vulnerability, cross script, scripting, XSS, malicious, browser, HTML, cookies, session tokens, sensitive , KBA , XX-PART-PMM , Vendavo Price + Margin Mgmt. , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.