cve/2024/CVE-2024-34686.md

### [CVE-2024-34686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34686)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20CRM%20WebClient%20UI&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=103%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=104%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=105%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=106%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=107%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=701%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=730%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=731%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=746%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=747%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=748%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=800%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=801%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20102%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20700%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation&color=brightgreen)

### Description

Due to insufficient input validation, SAP CRMWebClient UI allows an unauthenticated attacker to craft a URL link whichembeds a malicious script. When a victim clicks on this link, the script willbe executed in the victim's browser giving the attacker the ability to accessand/or modify information with no effect on availability of the application.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-34686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34686)`
			`![](https://img.shields.io/static/v1?label=Product&message=SAP%20CRM%20WebClient%20UI&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=103%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=104%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=105%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=106%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=107%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=701%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=730%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=731%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=746%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=747%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=748%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=800%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=801%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=S4FND%20102%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20700%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation&color=brightgreen)`

			`### Description`

			`Due to insufficient input validation, SAP CRMWebClient UI allows an unauthenticated attacker to craft a URL link whichembeds a malicious script. When a victim clicks on this link, the script willbe executed in the victim's browser giving the attacker the ability to accessand/or modify information with no effect on availability of the application.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`