VYPR
Unrated severityNVD Advisory· Published May 14, 2019· Updated Aug 4, 2024

CVE-2019-0298

CVE-2019-0298

Description

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.

Affected products

2
  • Range: 7.30, 7.31, 7.32, 7.33, 7.54
  • SAP SE/SAP E-Commerce (SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP)v5
    Range: < 7.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.