Description
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
Affected products
- SAP_SE / SAP Financial Consolidation< 10.0 – < 10.0
- SAP_SE / SAP Financial Consolidation< 10.1 – < 10.1