SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.
References
Link | Resource |
---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2773086 | Permissions Required Vendor Advisory |
http://www.securityfocus.com/bid/108314 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-05-14 14:29
Updated : 2019-05-16 08:31
NVD link : CVE-2019-0298
Mitre link : CVE-2019-0298
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sap
- e-commerce