CVE-2023-30742

MEDIUM

SAP CRM WebClient UI S4FND 102-107, WEBCUIF 700-801 - Stored Cross-Site Scripting

Title source: llm

Description

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://launchpad.support.sap.com/#/notes/3315971

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.1

EPSS 0.0044

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (14)

sap/customer_relationship_management_s4fnd 102

sap/customer_relationship_management_s4fnd 103

sap/customer_relationship_management_s4fnd 104

sap/customer_relationship_management_s4fnd 105

sap/customer_relationship_management_s4fnd 106

sap/customer_relationship_management_s4fnd 107

sap/customer_relationship_management_webclient_ui 700

sap/customer_relationship_management_webclient_ui 701

sap/customer_relationship_management_webclient_ui 731

sap/customer_relationship_management_webclient_ui 746

... and 4 more

Published May 09, 2023

Tracked Since Feb 18, 2026