Improper Input Validation in SAP Commerce Cloud Allows for Cross-Site Scripting and Page Hijacking

Improper Input Validation in SAP Commerce Cloud Allows for Cross-Site Scripting and Page Hijacking

CVE-2021-21445 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.

Learn more about our Web App Pen Testing.