exploitDog

CVE-2016-6856

Опубликовано: 31 дек. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.

Ссылки

http://www.securityfocus.com/bid/93954
Third Party Advisory
VDB Entry
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-685X_SAP-Hybris_XSS.txt
Third Party Advisory
http://www.securityfocus.com/bid/93954
Third Party Advisory
VDB Entry
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-685X_SAP-Hybris_XSS.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*

Версия до 5.6.0.10 (включая)

EPSS

Процентиль: 46%

0.00233

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-95xh-v26r-rgjw

CVSS3: 6.1

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.

EPSS

Процентиль: 46%

0.00233

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79