Cross site scripting

2019-10-0820:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

23.0%

JSON

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

CPENameOperatorVersion
customer_relationship_management_bbpcrmeq7.0
customer_relationship_management_bbpcrmeq7.01
customer_relationship_management_bbpcrmeq7.02
customer_relationship_management_bbpcrmeq7.12
customer_relationship_management_bbpcrmeq7.13
customer_relationship_management_bbpcrmeq7.14
customer_relationship_management_s4crmeq1.0
customer_relationship_management_s4crmeq2.0

Name	Operator	Version
customer_relationship_management_bbpcrm	eq	7.0
customer_relationship_management_bbpcrm	eq	7.01
customer_relationship_management_bbpcrm	eq	7.02
customer_relationship_management_bbpcrm	eq	7.12
customer_relationship_management_bbpcrm	eq	7.13
customer_relationship_management_bbpcrm	eq	7.14
customer_relationship_management_s4crm	eq	1.0
customer_relationship_management_s4crm	eq	2.0

References

launchpad.support.sap.com/

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for PRION:CVE-2019-0368