CVE-2016-6856
Severity
6.1MEDIUM
EPSS
0.2%
top 53.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 31
Latest updateMay 17
Description
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-95xh-v26r-rgjw: Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6↗2022-05-17
CVEList▶
CVE-2016-6856: Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6↗2016-12-31