Component: SRM
Component Name: Supplier Relationship Management
Description: The manipulation of user entries that are transferred to a Web application, in which an attacker embeds harmful program code into a correct environment so that this code is executed on the client side. XSS attacks are mostly used for spying purposes, to manipulate user data, or to execute foreign program code. Example: Web applications are often programmed in scripting languages, typically JavaScript, to allow dynamic content, with the user entries encoded in the GET parameters of the URL. If these parameters are then processed in the program without being checked, it is possible for harmful code to reach the generated Web site, where it is then executed by the browser. Since JavaScript code that is executed locally is able to access the cookies managed by the browser, it is possible, for example, for their content to be read and transferred to another Web site. You can protect against cross-site scripting by checking and filtering all user entries.
Key Concepts: Cross-site scripting (XSS) is a type of computer security vulnerability that allows attackers to inject malicious code into webpages. In the context of SAP SRM (Supplier Relationship Management), XSS can be used to gain access to confidential supplier information, such as pricing and payment terms.
How to use it: To protect against XSS attacks, SAP SRM (Supplier Relationship Management) provides a number of security measures. These include input validation, output encoding, and content security policies. Input validation ensures that only valid data is accepted by the system, while output encoding ensures that any malicious code is rendered harmless. Content security policies are used to restrict the types of scripts that can be executed on the system.
Tips & Tricks: It is important to regularly review and update your security measures to ensure that they are up-to-date and effective. Additionally, it is important to educate users on the risks associated with XSS attacks and how to protect against them.
Related Information: For more information on XSS attacks and how to protect against them, please refer to the SAP Security Guide or contact your SAP support team.
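Added example (not SAP code): the GET-parameter case from the Description, rendered once unchecked and once with the three measures named under "How to use it" (input validation, output encoding, a content security policy). The function names, the `q` parameter, the allow-list pattern and the sample URL are assumptions made for illustration.

```javascript
// Constructed sample request; host and parameter name are hypothetical.
const SAMPLE_URL = 'https://srm.example.test/search?q=' +
  encodeURIComponent('<script>alert(1)</script>');

// Characters that can change HTML structure, mapped to their entities.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output encoding for HTML text and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Input validation: allow-list of letters, digits, space, '-' and '_' (max 64).
function isValidSearchTerm(value) {
  return typeof value === 'string' && /^[\p{L}\p{N} _-]{1,64}$/u.test(value);
}

// Vulnerable pattern: the parameter is copied into the page without a check,
// so markup in the URL becomes markup in the response.
function renderUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${q}</p>`;
}

// Hardened pattern: validate the entry, encode it wherever it is echoed,
// and send a policy that disallows inline and third-party scripts.
function renderSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  const headers = {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  };
  if (!isValidSearchTerm(q)) {
    // Rejected input is still encoded before it appears in the error page.
    const body = `<p>Invalid search term: ${encodeHtml(q)}</p>`;
    return { status: 400, headers, body };
  }
  return { status: 200, headers, body: `<p>Results for ${encodeHtml(q)}</p>` };
}
```

Encoding is applied at the point of output even after validation has passed, so a gap in the allow-list does not turn into executable markup.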