VYPR
Unrated severityNVD Advisory· Published Oct 15, 2020· Updated Aug 4, 2024

CVE-2020-6272

CVE-2020-6272

Description

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected products

2
  • Range: 1808, 1811, 1905, 2005
  • SAP SE/SAP Commerce Cloudv5
    Range: < 1808

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.