Описание
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:human_capital_management:s4hcmcie_100:*:*:*:*:*:*:*
cpe:2.3:a:sap:human_capital_management:sap_hrcie_600:*:*:*:*:*:*:*
cpe:2.3:a:sap:human_capital_management:sap_hrcie_604:*:*:*:*:*:*:*
cpe:2.3:a:sap:human_capital_management:sap_hrcie_608:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00108
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
около 2 лет назад
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
EPSS
Процентиль: 29%
0.00108
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79