Vulnerability Details CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://seclists.org/bugtraq/2017/Jun/27
- http://www.securityfocus.com/archive/1/540731/100/0/threaded
- http://www.securityfocus.com/bid/99072
- https://packetstormsecurity.com/files/142952/SAP-Successfactors-b1702p5e.1190658-Cross-Site-Scripting.html
- http://seclists.org/bugtraq/2017/Jun/27
- http://www.securityfocus.com/archive/1/540731/100/0/threaded
- http://www.securityfocus.com/bid/99072
- https://packetstormsecurity.com/files/142952/SAP-Successfactors-b1702p5e.1190658-Cross-Site-Scripting.html
Products affected by CVE-2017-9613
-
cpe:2.3:a:sap:successfactors:b1702p5e.1190658