SAP Commerce Backoffice vulnerable to XSS
CVE-2024-45278
5.4MEDIUM
What is CVE-2024-45278?
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Affected Version(s)
SAP Commerce Backoffice HY_COM 2205
SAP Commerce Backoffice COM_CLOUD 2211