Cross-Site Scripting Vulnerability in SAP CRM WebClient UI
CVE-2019-0244
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 January 2019
What is CVE-2019-0244?
The SAP CRM WebClient UI is susceptible to a Cross-Site Scripting (XSS) vulnerability due to inadequate encoding of user-controlled inputs. This flaw can allow attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and user sessions. SAP has released fixes in various software versions, ensuring proper input handling to mitigate this risk.
Affected Version(s)
SAP CRM WebClient UI (S4FND) < 1.02
SAP CRM WebClient UI (SAPSCORE) < 1.12
SAP CRM WebClient UI (WEBCUIF) < 7.31 < 7.31