SAP’s new set of patches includes two high-priority security notes, the most severe of which addresses a cross-site scripting (XSS) bug in Financial Consolidation.According to application security firm Onapsis, the security note addresses two XSS flaws in SAP’s product, collectively tracked as CVE-2024-37177 (CVSS score of 8.1).“The more critical one allows data to enter a web application through an untrusted source and manipulating web site content. This causes a high impact on the confidentiality and integrity of the application,” Onapsis explains.