CVE-2023-24525

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

Published: Feb 14, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-24525
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sap / customer_relationship_management_webclient_ui	7.01	7.01.x
sap / customer_relationship_management_webclient_ui	7.31	7.31.x
sap / customer_relationship_management_webclient_ui	7.48	7.48.x
sap / customer_relationship_management_webclient_ui	8.00	8.00.x
sap / customer_relationship_management_webclient_ui	8.01	8.01.x
sap / customer_relationship_management_webclient_ui	7.00	7.00.x
sap / customer_relationship_management_webclient_ui	7.02	7.02.x
sap / customer_relationship_management_webclient_ui	7.40	7.40.x
sap / customer_relationship_management_webclient_ui	7.50	7.50.x
sap / customer_relationship_management_webclient_ui	7.52	7.52.x
sap / s4fnd	1.02	1.02.x
sap / s4fnd	1.03	1.03.x

Vulnerability Database

290,273

CVE-2023-24525