S4fnd Security Vulnerabilities and Issues — S4fnd CVE List

Lucene search

SapS4fnd

5 matches found

CVE•added 2023/02/14 4:15 a.m.•43 views

CVE-2023-24525

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

5.4CVSS5.2AI score0.0043EPSS

CVE•added 2019/01/08 8:29 p.m.•42 views

CVE-2019-0245

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

5.4CVSS5.3AI score0.00317EPSS

CVE•added 2019/01/08 8:29 p.m.•39 views

CVE-2019-0244

5.4CVSS5.3AI score0.00317EPSS

CVE•added 2018/02/14 12:29 p.m.•37 views

CVE-2018-2364

SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1CVSS6AI score0.00313EPSS

CVE•added 2023/05/09 1:15 a.m.•37 views

CVE-2023-29188

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vul...

5.4CVSS5.3AI score0.00336EPSS