CVE-2023-39437 HIGH

CVE-2023-39437: Cross-Site Scripting (XSS) vulnerability in SAP Business One

Vendor SAP SE
Product SAP Business One
Weakness CWE-79 · XSS
Published August 8, 2023
Last update October 11, 2024

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

SAP Business One version 10.0 allows an attacker to insert malicious code into the content of a web page or application and have it delivered to the client, resulting in cross-site scripting. This could lead to harmful actions affecting the confidentiality, integrity and availability of the application.

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
October 11, 2024 Record updated