Skip to main content

Supplier Relationship Management CVE-2014-4161

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-06-13 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 13, 2014 - 14:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.

AnalysisAI

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. Affected products include: Sap Supplier Relationship Management.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-4159 MEDIUM POC
5.8 Jun 13

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers

CVE-2025-30009 MEDIUM
6.1 May 13

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the

CVE-2025-30010 MEDIUM
6.1 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th

CVE-2019-0361 MEDIUM
6.1 Sep 10

SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) do

CVE-2023-39436 MEDIUM
5.8 Aug 08

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker t

CVE-2025-30011 MEDIUM
5.3 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th

CVE-2026-0513 MEDIUM
4.7 Jan 13

Supplier Relationship Management versions up to 700 is affected by url redirection to untrusted site (open redirect) (CV

CVE-2025-42920 MEDIUM
6.1 Sep 09

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attack

CVE-2025-30018 HIGH
8.6 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an a

CVE-2025-30012 CRITICAL
10.0 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which al

Share

CVE-2014-4161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy