CVE-2023-29188 MEDIUM

CVE-2023-29188: Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Vendor Sap_Se
Product SAP CRM WebClient UI
Weakness CWE-79 · XSS
Published May 9, 2023
Last update January 28, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.

Key dates

02Disclosure timeline

May 9, 2023 CVE published
January 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability CVE-2023-47797 CVE-2024-8717 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting CVE-2025-30925 WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-7648 Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting