Cross-Site Scripting Vulnerability in SAP Hybris Management Console
CVE-2016-6858

5.4MEDIUM

Key Information:

Vendor: SAP
Status: Hybris
Vendor: CVE Published:; 31 December 2016

Summary

The Create Employee feature in the Hybris Management Console (HMC) of SAP Hybris versions prior to 5.0.4.11, 5.1.0.x before 5.1.0.11, and various other specific versions is susceptible to a Cross-site Scripting (XSS) vulnerability. This allows remote authenticated users to inject and execute arbitrary web scripts or HTML via the Name field, potentially compromising user data and application integrity. It's essential for users of affected versions to apply necessary patches and updates to mitigate risks associated with this security flaw.

References

http://www.securityfocus.com/bid/93966

vdb-entryx_refsource_BID

https://www.compass-security.com/fileadmin/Datein/Researc...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2016
Vulnerability Reserved
Aug 18, 2016