SAP CRM WebClient UI vulnerable to Cross-Site Scripting
CVE-2024-22130
7.6HIGH
What is CVE-2024-22130?
The Print preview feature in SAP CRM WebClient UI fails to properly encode user inputs, leading to a Cross-Site Scripting vulnerability. This flaw allows attackers with minimal privileges to manipulate application data, posing risks to data confidentiality and integrity during exploitation. Versions impacted include multiple iterations of S4FND and WEBCUIF components.
Affected Version(s)
SAP CRM WebClient UI S4FND 102
SAP CRM WebClient UI S4FND 103
SAP CRM WebClient UI S4FND 104