Cross-Site Scripting Vulnerability in SAP Hybris Inbox Search Feature
CVE-2016-6856

6.1MEDIUM

Key Information:

Vendor: SAP
Status: Hybris
Vendor: CVE Published:; 31 December 2016

Summary

A cross-site scripting (XSS) vulnerability exists in the Inbox Search feature of the Hybris Management Console (HMC) within SAP Hybris versions before 6.0. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML by manipulating the itemsperpage parameter. Exploiting this flaw may lead to unauthorized access or data exposure, highlighting the importance of promptly updating affected versions to mitigate potential security risks.

References

http://www.securityfocus.com/bid/93954

vdb-entryx_refsource_BID

https://www.compass-security.com/fileadmin/Datein/Researc...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2016
Vulnerability Reserved
Aug 18, 2016