Vulnerability Details CVE-2018-2505
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/106151
- https://launchpad.support.sap.com/#/notes/2711425
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
- http://www.securityfocus.com/bid/106151
- https://launchpad.support.sap.com/#/notes/2711425
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
Products affected by CVE-2018-2505
-
cpe:2.3:a:sap:hybris:6.2
-
cpe:2.3:a:sap:hybris:6.3
-
cpe:2.3:a:sap:hybris:6.4
-
cpe:2.3:a:sap:hybris:6.5
-
cpe:2.3:a:sap:hybris:6.6
-
cpe:2.3:a:sap:hybris:6.7