CVE-2018-2505
published 2018-12-11CVE-2018-2505: SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | hybris | — | — |
| sap | hybris | — | — |
| sap | hybris | — | — |
| sap | hybris | — | — |
| sap | hybris | — | — |
| sap | hybris | — | — |
| sap | sap_commerce | — | — |
| sap | sap_commerce | — | — |
| sap | sap_commerce | — | — |
| sap | sap_commerce | — | — |
| sap | sap_commerce | — | — |
| sap | sap_commerce | — | — |