SAP BBPCRM contains a flaw in the People-Centric UI (Business Partner) (CRM-MD-BP-PCU) component that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the CRM_PRN_ACC_OV BSP application does not validate unspecified input. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Loss of Integrity
Patch / RCS
It has been reported that this issue has been fixed. It is advised for users seeking fixes to access the referenced SAP note vendor solution in the references to do so.