CVE-2020-6200
published 2020-03-10CVE-2020-6200: The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.10 | 8:6.9.10.23+dfsg-2.1ubuntu11.10 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | < 6.6 | 6.6 |
| sap_se | sap_commerce_cloud | < 6.7 | 6.7 |
| sap_se | sap_commerce_cloud | < 1808 | 1808 |
| sap_se | sap_commerce_cloud | < 1811 | 1811 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv7.8HIGH