CVE-2023-39437

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 70.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONESAP Business ONE
Timeline
PublishedAug 8

Description

SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:LExploitability: 2.1 | Impact: 5.5

Affected Packages2 packages

CVEListV5sap_se/sap_business_one10.0

🔴Vulnerability Details

2
GHSA
GHSA-q3vh-w26g-crh6: SAP business One allows - version 102023-08-08
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP Business One2023-08-08
CVE-2023-39437 (MEDIUM CVSS 5.4) | SAP business One allows - version 1 | cvebase.io