CVE-2019-0368

MEDIUM

SAP Customer Relationship Management BBPCRM < 7.14 and S4CRM < 2.0 - Cross-Site Scripting in Email Management

Title source: llm

Description

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client, resulting in a Cross-Site Scripting vulnerability.

References (2)

Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2751806

Scores

CVSS v3 5.4
EPSS 0.0029
EPSS Percentile 52.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (8)
sap/customer_relationship_management_bbpcrm 7.0
sap/customer_relationship_management_bbpcrm 7.01
sap/customer_relationship_management_bbpcrm 7.02
sap/customer_relationship_management_bbpcrm 7.12
sap/customer_relationship_management_bbpcrm 7.13
sap/customer_relationship_management_bbpcrm 7.14
sap/customer_relationship_management_s4crm 1.0
sap/customer_relationship_management_s4crm 2.0
Published Oct 08, 2019
Tracked Since Feb 18, 2026