CVE-2016-6856

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Hybris
Vendor
CVE Published:
31 December 2016

Summary

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.

References

http://www.securityfocus.com/bid/93954
vdb-entryx_refsource_BID
https://www.compass-security.com/fileadmin/Datein/Researc...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.