CVE-2023-39437: 
SAP Business One vulnerability analysis and mitigation

SAP Business One version 10.0 contains a Cross-Site Scripting (XSS) vulnerability tracked as CVE-2023-39437. The vulnerability was disclosed in August 2023 and allows attackers to inject malicious code into web pages or applications that gets delivered to clients (SecurityWeek, CyberSecurityNews).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 7.6 (High) according to SAP SE's assessment, with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L. The NVD assessment gives it a slightly lower CVSS score of 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability affects the Confidentiality, Integrity, and Availability of the application. When successfully exploited, it allows attackers to inject and execute malicious code that gets delivered to clients, potentially compromising sensitive data and application functionality (CyberSecurityNews).

SAP has released patches to address this vulnerability as part of their August 2023 Security Patch Day. Users of SAP Business One version 10.0 are recommended to apply the latest security updates to mitigate this vulnerability (SecurityWeek).