Stored Cross-Site Scripting in SAP Contact Center by SAP
CVE-2021-33673
8.3HIGH
What is CVE-2021-33673?
The SAP Contact Center application version 700 is vulnerable to a Stored Cross-Site Scripting (XSS) issue, which occurs due to insufficient encoding of user-controlled inputs. When users navigate the employee directory, attackers can exploit this vulnerability to execute arbitrary code on the user's browser. Furthermore, with the integration of ActiveX within the application, attackers gain the capability to execute operating system-level commands, significantly increasing the potential impact of this vulnerability.
Affected Version(s)
SAP Contact Center < 700