SAP Business One Job Service DOM-Based Cross-Site Scripting Vulnerability
Vulnerability
A DOM-based Cross-Site Scripting (XSS) vulnerability has been identified in SAP Business One Job Service. The issue arises from inadequate validation of user-controlled input in the URL's query parameter, which allows an unauthenticated attacker to inject malicious input. When a user interacts with this input, it could result in XSS. The impact of this vulnerability is low: it affects the application's confidentiality and integrity, with no effect on availability.
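To illustrate the class of flaw described above (a query parameter reaching page markup without validation), the following is an added example; it is not SAP code and not part of the original advisory. The `jobName` parameter, the host `b1.example.test` and all function names are hypothetical, and the sample URLs are constructed.

```javascript
// Added illustration with hypothetical names; not SAP Business One code.

// Allow-list for the hypothetical "jobName" parameter: short, plain labels only.
const JOB_NAME_PATTERN = /^[A-Za-z0-9 _.-]{1,64}$/;

// Encode the five HTML-significant characters for element content
// and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak pattern, shown for contrast: the decoded parameter is concatenated
// into markup that a page would then assign to innerHTML.
function renderJobBannerUnsafe(pageUrl) {
  const name = new URL(pageUrl).searchParams.get('jobName') || '';
  return '<h1>Job: ' + name + '</h1>';
}

// Hardened form: validate against the allow-list, fall back to a fixed
// default on any mismatch, and encode on output as a second layer.
// In a browser, writing the value with textContent avoids markup parsing.
function renderJobBannerSafe(pageUrl) {
  let name = 'unknown';
  try {
    const raw = new URL(pageUrl).searchParams.get('jobName');
    if (raw !== null && JOB_NAME_PATTERN.test(raw)) {
      name = raw;
    }
  } catch (_) {
    // Malformed URL: keep the default label.
  }
  return '<h1>Job: ' + escapeHtml(name) + '</h1>';
}

// Constructed sample input: one plain value, one carrying harmless markup.
const PLAIN_URL = 'https://b1.example.test/jobs?jobName=Nightly%20Backup';
const MARKUP_URL = 'https://b1.example.test/jobs?jobName=%3Cb%3Ex%3C%2Fb%3E';

console.log(renderJobBannerUnsafe(MARKUP_URL)); // markup passes through unchanged
console.log(renderJobBannerSafe(MARKUP_URL));   // rejected, default label used
console.log(renderJobBannerSafe(PLAIN_URL));    // accepted as-is
```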
Impact
Exploitation of this vulnerability allows for DOM-based Cross-Site Scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.
