Описание
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00371
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.
EPSS
Процентиль: 58%
0.00371
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79