CVE Published: 08/10/2019 |
CVE Updated: 04/08/2024 |
CVE Year: 2019 Source: sap |
Vendor: SAP SE |
Product: SAP Financial Consolidation Status : PUBLISHED
CVE-2019-0369 Description
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.