Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product E-commerce
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-0308 1 Sap 1 E-commerce 2024-02-28 3.5 LOW 6.8 MEDIUM
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.
CVE-2019-0298 1 Sap 1 E-commerce 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.