Cross-Site Scripting (XSS) vulnerability in SAP Business One
CVE-2023-39437

7.6HIGH

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 8 August 2023

Summary

SAP Business One, version 10.0, contains a vulnerability that enables attackers to inject malicious scripts into web pages or applications. This security flaw allows the execution of harmful code upon user interaction, potentially compromising the confidentiality, integrity, and availability of sensitive data. Organizations using this version must be alerted to the risks associated with unauthorized script execution, which can lead to various malicious actions against users.

Affected Version(s)

SAP Business One 10.0

References

https://me.sap.com/notes/3358300

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Aug 1, 2023