Cross-Site Scripting Vulnerability in SAP Hybris Management Console
CVE-2016-6857

5.4MEDIUM

Key Information:

Vendor: SAP
Status: Hybris
Vendor: CVE Published:; 31 December 2016

Summary

A cross-site scripting vulnerability exists in the Create Catalogue feature of the SAP Hybris Management Console. This issue impacts various versions of SAP Hybris, allowing remote authenticated users to inject malicious web scripts or HTML through the ID field. If exploited, this vulnerability could lead to unauthorized actions and compromise the integrity of web applications.

References

http://www.securityfocus.com/bid/93960

vdb-entryx_refsource_BID

https://www.compass-security.com/fileadmin/Datein/Researc...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2016
Vulnerability Reserved
Aug 18, 2016