Cross-Site Scripting Vulnerability in SAP Commerce by SAP
CVE-2025-27434
8.8HIGH
What is CVE-2025-27434?
The vulnerability in SAP Commerce's Swagger UI results from insufficient input validation, which permits an unauthenticated attacker to inject malicious code from remote sources. This flaw can potentially lead to a cross-site scripting (XSS) attack, compromising the confidentiality, integrity, and availability of sensitive data within SAP Commerce, thereby posing significant risks to the overall security of the application.
Affected Version(s)
SAP Commerce (Swagger UI) COM_CLOUD 2211