Cross-Site Scripting Vulnerability in SAP CRM WebClient UI
CVE-2023-24525
4.3MEDIUM
What is CVE-2023-24525?
The SAP CRM WebClient UI versions WEBCUIF 748, 800, 801, and S4FND 102, 103 exhibit inadequate encoding of user input, leading to a Cross-Site Scripting (XSS) vulnerability. This flaw enables authenticated attackers to execute arbitrary scripts in the context of a victim's browser session, potentially compromising sensitive information and affecting the confidentiality of the application in limited ways. Users are advised to apply the latest patches and follow best practices for securing their environments.
Affected Version(s)
CRM (WebClient UI) WEBCUIF 748
CRM (WebClient UI) 800
CRM (WebClient UI) 801