CVE-2023-30742

CVSS V2 None CVSS V3 None

Description

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.

Overview

CVE ID
CVE-2023-30742

Assigner
cna@sap.com

Vulnerability Status
Received

Published Version
2023-05-09T02:15:12

Last Modified Date
2023-05-09T02:15:12

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://launchpad.support.sap.com/#/notes/3315971
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-30742
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30742

History

Created	Old Value	New Value	Data Type	Notes
2023-05-09 03:05:14				Added to TrackCVE
2023-05-09 03:05:18			Weakness Enumeration	new