CVE-2020-6201

Summary

The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce Cloud (Testweb Extension)< 6.6affected
SAP SESAP Commerce Cloud (Testweb Extension)< 6.7affected
SAP SESAP Commerce Cloud (Testweb Extension)< 1808affected
SAP SESAP Commerce Cloud (Testweb Extension)< 1811affected
SAP SESAP Commerce Cloud (Testweb Extension)< 1905affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References