CVE-2018-2410Cross-site Scripting in SE SAP Business ONE

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 48.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONESAP Business ONE
Timeline
PublishedApr 10
Latest updateMay 13

Description

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDsap/business_one9.2, 9.3+1
CVEListV5sap_se/sap_business_one9.20, 9.30+1

🔴Vulnerability Details

2
GHSA
GHSA-79xw-w252-8j6q: SAP Business One, 92022-05-13
CVEList
CVE-2018-2410: SAP Business One, 92018-04-10
CVE-2018-2410 — Cross-site Scripting | cvebase