SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.
CPE | Name | Operator | Version |
---|---|---|---|
e-commerce | eq | 7.31 | |
e-commerce | eq | 7.32 | |
e-commerce | eq | 7.33 | |
e-commerce | eq | 7.54 | |
e-commerce | eq | 7.30 |