CVE-2024-37174 Information

Description

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Reference

https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday https://me.sap.com/notes/3467377