CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33674
https://notcve.org/view.php?id=CVE-2021-33674
14 Sep 2021 — Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser. En determinadas condiciones, SAP Contact Center - versión 700, no codifica suficientemente las entradas controladas por el usuario. Esto permite a un atacante explotar una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejad... • https://launchpad.support.sap.com/#/notes/3073891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33672
https://notcve.org/view.php?id=CVE-2021-33672
14 Sep 2021 — Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands in the chat recipient's scope. This could lead to a complete compromise of their confidentiality, integrity, and could temporarily impact their availabilit... • https://launchpad.support.sap.com/#/notes/3073891 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33675
https://notcve.org/view.php?id=CVE-2021-33675
14 Sep 2021 — Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser. En determinadas condiciones, SAP Contact Center - versión 700, no codifica suficientemente las entradas controladas por el usuario. Esto permite a un atacante explotar una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado mediant... • https://launchpad.support.sap.com/#/notes/3073891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33673
https://notcve.org/view.php?id=CVE-2021-33673
14 Sep 2021 — Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands. Bajo determinadas condiciones, SAP Contact Center - versión 700,no codific... • https://launchpad.support.sap.com/#/notes/3073891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •