Solution : https://service.sap.com/sap/support/notes/1657210 (SAP Service marketplace login required)
Key words :
crm web request toolbox, sufficiently encode output parameters, cross site scripting issue, terms cross site scripting, potentially obtain authentification information, modify displayed application content, cross-site scripting, - crm_tbox_uploadthe design defines, malicious user allowing, malicious user
Related Notes :
1582870 | ABAP XSS Escaping Support |
1582867 | Security options (XSS) for ESCAPE |