Cross-Site Scripting Vulnerability in SAP Customer Relationship Management (Email Management)

Cross-Site Scripting Vulnerability in SAP Customer Relationship Management (Email Management)

CVE-2019-0368 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

Learn more about our Crm Penetration Testing.