Cross-Site Scripting Vulnerability in SAP Commerce Cloud
CVE-2020-6272

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Commerce Cloud
Vendor: CVE Published:; 15 October 2020

Summary

The SAP Commerce Cloud versions 1808, 1811, 1905, and 2005 contain a vulnerability that fails to properly encode user inputs. This deficiency allows an authenticated content manager to inject malicious scripts into various web CMS components. These scripts can be saved and may execute when the corresponding web page is accessed, leading to potential exploitation via Cross-Site Scripting (XSS). Effective measures should be implemented to mitigate this risk and secure user data.

Affected Version(s)

SAP Commerce Cloud < 1808 < 1808

SAP Commerce Cloud < 1811 < 1811

SAP Commerce Cloud < 1905 < 1905

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2917381

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Jan 8, 2020