CVE-2019-0238
published 2019-01-08CVE-2019-0238: SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | hybris | < 6.7 | 6.7 |
| sap_se | sap_commerce | < 6.7 | 6.7 |