CVE-2023-30742

Name of the Vulnerable Software and Affected Versions SAP CRM (WebClient UI) versions S4FND 102 through S4FND 107, WEBCUIF 700 through WEBCUIF 801

Description The issue arises from insufficient encoding of user-controlled inputs, leading to a stored Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this by storing a malicious URL and tricking a victim into clicking on it, resulting in the execution of the attacker's script within the victim's session. This could allow the attacker to modify or read information from the victim's session.

Recommendations For SAP CRM (WebClient UI) versions S4FND 102 through S4FND 107, update to a version that properly encodes user-controlled inputs to prevent stored XSS attacks. For WEBCUIF versions 700 through 801, ensure that all user-controlled inputs are sufficiently encoded to mitigate the stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.