CVE-2018-2505

Summary

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).

Affected Software

VendorProductVersion RangeStatus
SAPSAP Commerce (SAP Hybris Commerce)6.2affected
SAPSAP Commerce (SAP Hybris Commerce)6.3affected
SAPSAP Commerce (SAP Hybris Commerce)6.4affected
SAPSAP Commerce (SAP Hybris Commerce)6.5affected
SAPSAP Commerce (SAP Hybris Commerce)6.6affected
SAPSAP Commerce (SAP Hybris Commerce)6.7affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References