Symptom
A security scan reports that an endpoint in the search functionality does not properly sanitize user input: the submitted value is reflected back into the page without output encoding, so a crafted request can execute arbitrary JavaScript in the user's browser (reflected cross-site scripting, XSS).
Environment
SAP SuccessFactors Recruiting Marketing
Cause
Improper input validation and missing output encoding in the search functionality allow attacker-controlled input to be reflected into the HTML response and executed as script.
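The following is an added example, not SAP code and not taken from Recruiting Marketing: a minimal search-results renderer written for this article that reproduces the defect described above (the query reflected into the page with no output encoding) beside a corrected version that HTML-encodes the value at every interpolation point. The function names, the template and the probe string are assumptions chosen for illustration.

```javascript
// Added illustration of the cause above (hypothetical code, not SAP's).
//
// escapeHtml encodes the five characters that are significant in HTML text
// and in double-quoted attribute values. Every attribute in the templates
// below is double-quoted; that is what makes this table sufficient in the
// attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable form: the search term is concatenated straight into the markup,
// once inside a quoted attribute and once in element text.
function renderSearchUnsafe(term) {
  return (
    `<form action="/search"><input name="q" value="${term}"></form>` +
    `<h2>Results for ${term}</h2>`
  );
}

// Hardened form: the same template, but the term is encoded before it is
// placed in either context.
function renderSearchSafe(term) {
  const q = escapeHtml(term);
  return (
    `<form action="/search"><input name="q" value="${q}"></form>` +
    `<h2>Results for ${q}</h2>`
  );
}

// Constructed probe of the kind a scanner sends: the leading quote and '>'
// close the value attribute, and the tag that follows carries an event
// handler that runs without any user interaction.
const PROBE = '"><img src=x onerror=alert(1)>';

// The check a scanner performs: did the probe come back byte-for-byte?
// A verbatim reflection means the page will render it as markup.
function reflectsUnencoded(html, probe = PROBE) {
  return html.includes(probe);
}

// Stand-alone run (Node.js) prints the outcome of the check for both forms.
if (typeof module !== "undefined" && require.main === module) {
  console.log("unsafe reflects probe:", reflectsUnencoded(renderSearchUnsafe(PROBE)));
  console.log("safe reflects probe:  ", reflectsUnencoded(renderSearchSafe(PROBE)));
  console.log(renderSearchSafe(PROBE));
}
```

Encoding at the output point is the control that closes the defect; input validation alone does not, because the same value may be rendered in several contexts and a blocklist of characters is easy to bypass. The encoded output above still shows the user exactly what they searched for, but the browser treats it as text rather than as a tag and an event handler.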
Resolution
This issue is targeted to be corrected with patch 2H2025 p9. Patch release dates can be found on this page.
Click the star icon to bookmark this article and receive updates about this issue. For more information about notifications for subscribed KBAs, see KBA 2171560 - How to be notified of new or updated SAP Notes or KBAs - SAP ONE Support Launchpad.
Keywords
RMK, Security, Vulnerability, JavaScript, Cross-Site Scripting, XSS, RMK-36576, PTCH-48328, KBA, LOD-SF-RMK-INT, Int with RCM, Data Mapping, AwLi, Multilocation posting, Problem
SAP Knowledge Base Article - Public