Symptom
A third-party security scan reports a Content Injection issue in the keyword search.
Environment
SAP SuccessFactors Recruiting Marketing
Reproducing the Issue
Add special characters (`&`, `<`, `>`, `'`, `'`, `/`) in the keyword search.
You will see them injected and parsed in the response page URL.
Cause
Expected behavior
Resolution
Displaying the search keyword in the response is not a content injection issue but expected behavior.
According to our security team, this behavior doesn't influence the system and is not a security concern.
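When triaging a scanner finding of this kind, a reviewer can check how each character from the reproduction step comes back in the response body. The following is an added example, not SAP code; the marker string, function names and sample responses are constructed, and it assumes the keyword is reflected into HTML text.

```python
import html

# Characters from the reproduction step above.
SPECIALS = ["&", "<", ">", "'", "/"]
MARK = "zq7"  # constructed marker used to locate the reflected keyword


def probe(ch):
    """Keyword to enter in the search box for one character."""
    return f"{MARK}{ch}{MARK}"


def encoded_forms(ch):
    """HTML encodings under which the character is displayed as text only."""
    forms = {html.escape(ch, quote=True), f"&#{ord(ch)};",
             f"&#x{ord(ch):x};", f"&#x{ord(ch):X};"}
    forms.discard(ch)  # html.escape leaves "/" unchanged
    return forms


def classify(ch, body):
    """Return 'raw', 'encoded' or 'absent' for one character in a response body."""
    if probe(ch) in body:
        return "raw"
    if any(f"{MARK}{form}{MARK}" in body for form in encoded_forms(ch)):
        return "encoded"
    return "absent"


def report(body):
    return {ch: classify(ch, body) for ch in SPECIALS}


def needs_review(body):
    """HTML-significant characters that came back unencoded ('/' alone is not)."""
    return [ch for ch, state in report(body).items() if state == "raw" and ch != "/"]


# Constructed sample responses: one encodes the keyword, one echoes it verbatim.
ENCODED_BODY = "".join(f"<p>Results for {html.escape(probe(c))}</p>" for c in SPECIALS)
RAW_BODY = "".join(f"<p>Results for {probe(c)}</p>" for c in SPECIALS)

if __name__ == "__main__":
    for name, body in (("encoded", ENCODED_BODY), ("raw", RAW_BODY)):
        print(name, report(body), "review:", needs_review(body))
```

An empty `needs_review` result is consistent with the keyword only being displayed back to the user.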
Keywords
RMK, Security, content, injection, parsing, html, KBA, LOD-SF-RMK-PSI, Security, LOD-SF-RMK-SEC, Security & Vulnerabilities, How To
SAP Knowledge Base Article - Public