
Monday, April 11, 2011

SAP Note 1335926 - Some Fields are susceptible to Cross-site scripting



Symptom

You create a bid invitation, go to the Dynamic Attributes tab, and enter the dynamic attribute description as "<a href="javascript:alert();">Click me!</a>", for example.
When you change tabs or open the bid invitation again, the system displays a dialog box that contains the following text: "Click me!".
The same problem occurs when you enter such a value in the description of other fields, such as Partner details and Bidder output data details in the bid invitation, and the Incoterm Description in a quotation.



Other terms
BBP_BID_INV, BBP_QUOT, Description, XSS, cross-site scripting, Partner details, Bidder output data details, Incoterm Description


Reason and Prerequisites
This problem is caused by a program error. The contents of these fields were not masked (HTML-escaped) correctly before being written into the page, so markup entered in a description was rendered as markup.


Solution
Import the relevant Support Package or implement the attached correction instructions.
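To illustrate what "masking" means here, the following added example (not SAP's correction instructions, and not code from this blog) renders a constructed stand-in for the Dynamic Attributes description cell once unmasked, as the note describes the bug, and once with output escaping, then checks whether the payload quoted in the Symptom section survives as an element:

```javascript
// Added illustration (not SAP's correction): the note's bug is a description
// field written into HTML without masking. Masking here means HTML-escaping
// the five characters that can change HTML structure.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stand-in for the Dynamic Attributes row (the class name is an
// assumption): the description is concatenated into markup as-is, so a value
// containing tags becomes part of the page structure.
function renderDescriptionUnmasked(description) {
  return '<td class="dyn-attr-desc">' + description + '</td>';
}

// Hardened form: the same row, with the description masked on output.
function renderDescriptionMasked(description) {
  return '<td class="dyn-attr-desc">' + escapeHtml(description) + '</td>';
}

// Regression check: does the rendered cell contain any element other than the
// wrapping <td>? A correctly masked description never does.
function containsInjectedElement(html) {
  const inner = html.replace(/^<td[^>]*>/, '').replace(/<\/td>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// The payload quoted in the note's Symptom section, used as constructed input.
const NOTE_PAYLOAD = '<a href="javascript:alert();">Click me!</a>';
```

The same check applies to the other fields the note lists (Partner details, Bidder output data details, Incoterm Description): any value reaching the browser as markup rather than text is a failure of output masking.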



Affected Releases

Software Component   Release   From Release   To Release   And subsequent
SRM_SERVER           500       500            500
SRM_SERVER           550       550            550


Visit https://service.sap.com/sap/support/notes/1335926 for the corrections delivered in Support Packages and the correction instructions.
