SAP Commerce Backoffice does not sufficiently
encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)
vulnerability causing low impact on confidentiality and integrity of the
application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3483256 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
History
12 Sep 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:commerce_backoffice:hy_com_2205:*:*:*:*:*:*:* | |
Summary |
|
|
References | () https://me.sap.com/notes/3483256 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
First Time |
Sap
Sap commerce Backoffice |
13 Aug 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 04:15
Updated : 2024-09-12 13:53
NVD link : CVE-2024-41735
Mitre link : CVE-2024-41735
CVE.ORG link : CVE-2024-41735
JSON object : View
Products Affected
sap
- commerce_backoffice
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')