SAP Hana Cloud Platform Cockpit Cross site Scripting Vulnerabilities ======================================================================== Vender: SAP Product: SAP HANA CLoud Vulnerability Type: Cross site scripting Title: SAP Hana Cloud Cross scripting in User Display Name Details: SAP Hana cloud allows any user with the least privileges to input arbitrary client side JS code into the Display Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon viewing the victim's profile. Note: All webpages of the domain are affected Vulnerable Parameter: SAP Hana Cloud User Account Display Name "Display Name" Method: POST Exploit Code: https://localhost/a/cockpit#/acc/[account-id]/accountmanagement Post data Impact: Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to bypass CSRF protections, injection of iframes to establish communication channels etc. Severity Level: Critical ------------------------------------------------------------------------ Vender: SAP Product: SAP HANA CLoud Vulnerability Type: Cross site scripting Title: SAP Hana Cloud Cross site scripting in HTML5 Application Name Details: SAP Hana cloud allows users to input arbitrary client side JS code into the HTML5 Application Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the HTML5 application Vulnerable Parameter: SAP Hana Cloud HTML5 Application Name "Application Name" Method: POST Exploit Code: https://localhost/a/cockpit#/acc/[account-id]/hcproxy Post data Impact: Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to bypass CSRF protections, injection of iframes to establish communication channels etc. Severity Level: Critical ------------------------------------------------------------------------ Vender: SAP Product: SAP HANA CLoud Vulnerability Type: Cross site scripting Title: SAP Hana Cloud Cross scripting in Database Repository Name Details: SAP Hana cloud allows users to input arbitrary client side JS code into the Database Repository Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the Database Repo application Vulnerable Parameter: SAP Hana Cloud HTML5 Database Repository Name "Display Name" Method: POST Exploit Code: https://localhost/a/cockpit#/acc/[account-id]/repositories/[repository-name]/ecmrepositorysettings Post data Impact: Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to bypass CSRF protections, injection of iframes to establish communication channels etc. Severity Level: Critical