An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap biller direct 750 |
||
sap biller direct 635 |