Cross-Site Scripting Vulnerability in SAP CRM WebClient UI
CVE-2019-0244

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Webclient Ui (SAPscore); SAP Crm Webclient Ui (s4fnd); SAP Crm Webclient Ui (webcuif)
Vendor: CVE Published:; 8 January 2019

Summary

The SAP CRM WebClient UI is susceptible to a Cross-Site Scripting (XSS) vulnerability due to inadequate encoding of user-controlled inputs. This flaw can allow attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and user sessions. SAP has released fixes in various software versions, ensuring proper input handling to mitigate this risk.