SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC prior to 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL prior to 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) prior to 7.5, 7.6, and SAP GUI for Java (BC-FES... SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a mal...