CVE-2023-49577
MEDIUMSAP HCM SMART PAYE S4HCMCIE 100 SAP_HRCIE 600 604 608 - Cross-Site Scripting
Title source: llmDescription
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory
https://me.sap.com/notes/3217087
Scores
CVSS v3
6.1
EPSS
0.0011
EPSS Percentile
28.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
sap/human_capital_management
s4hcmcie_100
sap/human_capital_management
sap_hrcie_600
sap/human_capital_management
sap_hrcie_604
sap/human_capital_management
sap_hrcie_608
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026