SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
[
{
"product": "SAP CRM WebClient UI (SAPSCORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 1.12"
}
]
},
{
"product": "SAP CRM WebClient UI (S4FND)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 1.02"
}
]
},
{
"product": "SAP CRM WebClient UI (WEBCUIF)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.31"
},
{
"status": "affected",
"version": "< 7.46"
},
{
"status": "affected",
"version": "< 7.47"
},
{
"status": "affected",
"version": "< 7.48"
},
{
"status": "affected",
"version": "< 8.0"
},
{
"status": "affected",
"version": "< 8.01"
}
]
}
]