Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
2023-02-14T04:15:12.977
2024-11-21T07:48:03.890
Modified
CVSSv3.1: 6.1 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | netweaver_as_abap_business_server_pages | 7.00 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.01 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.02 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.31 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.40 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.50 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.51 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.52 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75c | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75d | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75e | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75f | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75g | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 75h | Yes |