SAP · SAP Manufacturing Integration/Intelligence · CVE-2016-4016
**Name of the Vulnerable Software and Affected Versions**
SAP Manufacturing Integration and Intelligence version 15
**Description**
The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the `title` parameter to the `webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication` API endpoint.
**Recommendations**
For version 15, update to a version that includes the fix for SAP Security Note 2201295 to resolve the issue.
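
To review whether the endpoint named in the description has received requests with markup in `title`, the following added example (not part of the advisory or the SAP note) scans access-log lines and reports `title` values that decode, even when double-encoded, to markup characters. The common log format, the sample lines and the character list are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path as written in the advisory.
ENDPOINT = "webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that can open a tag or break out of an attribute (triage list, an assumption).
MARKUP_RE = re.compile(r"[<>\"'`]")

# Constructed sample lines in common log format; not taken from a real system.
_BASE = "/" + ENDPOINT
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Mar/2016:10:00:00 +0000] "GET {_BASE}?title=Shift+Report HTTP/1.1" 200 5120',
    f'10.0.0.9 - - [01/Mar/2016:10:02:11 +0000] "GET {_BASE}?title=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5133',
    f'10.0.0.9 - - [01/Mar/2016:10:02:40 +0000] "GET {_BASE}?title=%253Ci%253Ex HTTP/1.1" 200 5127',
    '10.0.0.7 - - [01/Mar/2016:10:03:05 +0000] "GET /index.html?title=%3Cb%3E HTTP/1.1" 200 812',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_titles(log_lines):
    """Return (line_number, decoded_title) pairs for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if ENDPOINT not in target.path:
            continue  # only the endpoint named in the advisory is in scope
        # parse_qs decodes once; fully_decode catches further encoding layers.
        for raw in parse_qs(target.query, keep_blank_values=True).get("title", []):
            title = fully_decode(raw)
            if MARKUP_RE.search(title):
                hits.append((number, title))
    return hits

if __name__ == "__main__":
    for number, title in suspicious_titles(SAMPLE_LOG):
        print(f"line {number}: title decodes to {title!r}")
```

A hit is a lead for review rather than proof of exploitation, since a legitimate title may contain an apostrophe or quote.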