SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

Related CVEs

CVE-2019-0368

Key Information

GHSA ID

GHSA-6vf3-fwwc-fvqx

Published

May 24, 2022 4:57 PM

Last Modified

April 4, 2024 2:09 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 26, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.