AWS SAP Project

DOM - XSS (Cross Site Scripting).

Document Object Model

Project Name: Amazon AWS
Client: Amazon
Status: Done

We found a reflected Cross-Site Scripting (XSS) weakness in this project that makes it possible to inject malicious scripts through an unprotected SAP Knowledge Warehouse endpoint. We created a specific payload to show how an attacker might exploit the vulnerability to execute scripts within the user's browser, making it possible to steal information, hijack sessions, or redirect users to harmful sites.

We recommended mitigating these risks by upgrading SAP Knowledge Warehouse to a secure version that addresses this vulnerability. This project showcases our expertise in finding major security vulnerabilities, assessing risk, and providing actionable solutions to protect users and make the application more secure.