Skip to main content

Sap Crm Webclient Ui

1 CVEs product

Monthly

CVE-2026-44768 MEDIUM This Month

Script injection in SAP CRM WebClient UI is enabled by absent Content Security Policy (CSP) directives for certain restrictive headers, allowing an authenticated low-privileged attacker to inject malicious JavaScript that executes in a victim user's browser session. The CVSS vector (PR:L/UI:R/S:C) confirms this requires both an authenticated attacker and victim interaction, with a cross-scope impact consistent with browser-context script execution. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis, and impact is bounded to low integrity with no confidentiality or availability consequence.

SAP Code Injection Sap Crm Webclient Ui
NVD
CVSS 3.1
4.1
EPSS
0.2%
EPSS 0% CVSS 4.1
MEDIUM This Month

Script injection in SAP CRM WebClient UI is enabled by absent Content Security Policy (CSP) directives for certain restrictive headers, allowing an authenticated low-privileged attacker to inject malicious JavaScript that executes in a victim user's browser session. The CVSS vector (PR:L/UI:R/S:C) confirms this requires both an authenticated attacker and victim interaction, with a cross-scope impact consistent with browser-context script execution. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis, and impact is bounded to low integrity with no confidentiality or availability consequence.

SAP Code Injection Sap Crm Webclient Ui
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy