SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC prior to 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL prior to 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) prior to 7.5, 7.6, and SAP GUI for Java (BC-FES... SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a mal...