SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108314 | Third Party Advisory VDB Entry |
https://launchpad.support.sap.com/#/notes/2773086 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2019-05-14 21:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-0298
Mitre link : CVE-2019-0298
CVE.ORG link : CVE-2019-0298
JSON object : View
Products Affected
sap
- e-commerce
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')