SAP Disclosure Management before 10.1 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability


SAP Disclosure Management before 10.1 suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability


The information has been provided by Deniz Cevik

The original article can be found at:


SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.


Vulnerable Systems:

SAP Disclosure Management before version 10.1


CVE Information:



Disclosure Timeline:
Published Date:1/14/2020

Categories: FeaturedNews