CVE-2023-39437

Name of the Vulnerable Software and Affected Versions SAP Business One version 10.0

Description The issue allows an attacker to insert malicious code into the content of a web page or application, resulting in Cross-site scripting. This could lead to harmful actions affecting the Confidentiality, Integrity, and Availability of the application. The vulnerability is related to the lack of protection of the web page structure, which can be exploited by a remote attacker to conduct Cross-site scripting attacks.

Recommendations For SAP Business One version 10.0, consider disabling the functionality that allows insertion of code into web page content until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.