Cross-Site Scripting Vulnerability in SAP Customer Relationship Management (Email Management)
CVE-2019-0368 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
Learn more about our Crm Penetration Testing.