Cross-Site Scripting Vulnerability in SAP Commerce by SAP
CVE-2019-0238

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Commerce (ex. SAP Hybris Commerce)
Vendor
CVE Published:
8 January 2019

Summary

SAP Commerce, earlier known as SAP Hybris Commerce, is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient encoding of user-controlled inputs prior to version 6.7. This vulnerability can allow attackers to inject malicious scripts into web pages viewed by other users, leading to potential data theft or unauthorized actions within user sessions. It is vital for organizations using this software to implement necessary security updates to mitigate exposure to this and similar threats.

Affected Version(s)

SAP Commerce (ex. SAP Hybris Commerce) < 6.7

References

http://www.securityfocus.com/bid/106462
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2697573
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.