SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
[
{
"product": "SAP Customer Relationship Management (Email Management - S4CRM)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 1.0"
},
{
"status": "affected",
"version": "< 2.0"
}
]
},
{
"product": "SAP Customer Relationship Management (Email Management - BBPCRM)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.0"
},
{
"status": "affected",
"version": "< 7.01"
},
{
"status": "affected",
"version": "< 7.02"
},
{
"status": "affected",
"version": "< 7.12"
},
{
"status": "affected",
"version": "< 7.13"
},
{
"status": "affected",
"version": "< 7.14"
}
]
}
]