Cross-Site Scripting (XSS) Vulnerability in SAP Commerce Storefronts

Cross-Site Scripting (XSS) Vulnerability in SAP Commerce Storefronts

CVE-2018-2505 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).

Learn more about our User Device Pen Test.