Unrated severityNVD Advisory· Published May 14, 2019· Updated Aug 4, 2024
CVE-2019-0298
CVE-2019-0298
Description
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.
Affected products
2- Range: 7.30, 7.31, 7.32, 7.33, 7.54
- SAP SE/SAP E-Commerce (SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP)v5Range: < 7.3
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/108314mitrevdb-entryx_refsource_BID
- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.