Cross-Site Scripting (XSS) Vulnerability in SAP E-Commerce Application

Cross-Site Scripting (XSS) Vulnerability in SAP E-Commerce Application

CVE-2019-0298 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.

Learn more about our Web App Pen Testing.