SAP Knowledge Base Article - Public

3264720 - Security Vulnerability - JavaScript knockout library v2.3.0 - Recruiting Marketing


An insecure JavaScript library is reported when performing security tests:

"It was noted that the JavaScript knockout library v2.3.0 is vulnerable to cross-site scripting attacks."


SAP SuccessFactors Recruiting Marketing


According to the Security Team:

1. BizX is not supported on the IE 7 browser.
2. The reported security issue would cause XSS injection only on IE 7 and earlier browsers.
3. On all the latest browsers, this is not a concern.

For the above reasons, namely that the XSS injection happens only on IE 7 and earlier and that BizX (SuccessFactors instance) is not supported on those browsers, this is not considered a security issue.


security vulnerability, rmk, library v2.3.0, javascript library, KBA, LOD-SF-RMK-SEC, Security & Vulnerabilities, Problem


SAP SuccessFactors Recruiting all versions