CVE-2021-33674
published 2021-09-14CVE-2021-33674: Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | contact_center | — | — |
| sap_se | sap_contact_center | < 700 | 700 |