SAP Biller Direct is a web application from SAP Germany. It is used to present customer accounts in an Internet portal. A cross-site scripting vulnerability exists in SAP Biller Direct versions 635 and 750. It stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.
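The root cause named above, user-supplied data written into a page without escaping, is illustrated below with an added example that is not code from SAP Biller Direct or from any SAP product. It places a vulnerable rendering pattern (verbatim string interpolation) beside a hardened one (HTML output encoding for the text and double-quoted attribute contexts), and adds a small check that a code reviewer or regression test can use to confirm no tag other than the template's own survives in the rendered output. All function names, the field name and the sample input are constructed assumptions for this illustration.

```javascript
// Added example (not SAP Biller Direct code). Contrasts an HTML template that
// concatenates user-supplied data verbatim with one that HTML-escapes it, and
// provides a check for injected tags. All names and the sample input are
// hypothetical / constructed.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding for HTML text content and double-quoted attribute values.
// (Other contexts, such as JavaScript or URL, need their own encoders.)
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: a user-controlled value is interpolated into markup
// without any encoding, so markup inside the value becomes part of the page.
function renderUnsafe(customerName) {
  return `<h1>Account for ${customerName}</h1>`;
}

// Hardened pattern: every interpolation point passes through escapeHtml,
// so the value is rendered as literal text regardless of its content.
function renderSafe(customerName) {
  return `<h1>Account for ${escapeHtml(customerName)}</h1>`;
}

// Detection check: does the rendered HTML contain a tag that the template
// itself never emits? A reviewer or test suite can run this over rendered
// pages to catch missing encoding.
function containsInjectedTag(html, allowedTags) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  const allowed = allowedTags.map((t) => t.toLowerCase());
  let match;
  while ((match = tagRe.exec(html)) !== null) {
    if (!allowed.includes(match[1].toLowerCase())) {
      return true;
    }
  }
  return false;
}

// Constructed sample: a name field that should be plain text but carries markup.
const SAMPLE_NAME = 'Müller <script>alert(1)</script>';

// Stand-alone run: show both renderings and the check result for each.
console.log('unsafe :', renderUnsafe(SAMPLE_NAME));
console.log('safe   :', renderSafe(SAMPLE_NAME));
console.log('injected tag in unsafe output:', containsInjectedTag(renderUnsafe(SAMPLE_NAME), ['h1']));
console.log('injected tag in safe output  :', containsInjectedTag(renderSafe(SAMPLE_NAME), ['h1']));
```

The escaping is applied at the point of output rather than on input, which is the mitigation the advisory's wording ("filtering and escaping of user-supplied data") points at: input filtering alone is easy to bypass, while consistent output encoding in the right context renders the data inert.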