Cross site scripting

2023-02-1404:15:00

PRIOn knowledge base

www.prio-n.com

sap

crm

webclient ui

xss vulnerability

webcuif

s4fnd 102

103

0.001 Low

EPSS

Percentile

21.2%

JSON

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

CPENameOperatorVersion
customer_relationship_management_webclient_uieq7.01
customer_relationship_management_webclient_uieq7.31
customer_relationship_management_webclient_uieq7.48
customer_relationship_management_webclient_uieq8.00
customer_relationship_management_webclient_uieq8.01
customer_relationship_management_webclient_uieq7.00
customer_relationship_management_webclient_uieq7.02
customer_relationship_management_webclient_uieq7.40
customer_relationship_management_webclient_uieq7.50
customer_relationship_management_webclient_uieq7.52

Name	Operator	Version
customer_relationship_management_webclient_ui	eq	7.01
customer_relationship_management_webclient_ui	eq	7.31
customer_relationship_management_webclient_ui	eq	7.48
customer_relationship_management_webclient_ui	eq	8.00
customer_relationship_management_webclient_ui	eq	8.01
customer_relationship_management_webclient_ui	eq	7.00
customer_relationship_management_webclient_ui	eq	7.02
customer_relationship_management_webclient_ui	eq	7.40
customer_relationship_management_webclient_ui	eq	7.50
customer_relationship_management_webclient_ui	eq	7.52