CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6200

The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://launchpad.support.sap.com/#/notes/2876413
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
https://launchpad.support.sap.com/#/notes/2876413
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

Products affected by CVE-2020-6200

Sap » Commerce Cloud » Version: 1808

cpe:2.3:a:sap:commerce_cloud:1808
Sap » Commerce Cloud » Version: 1811

cpe:2.3:a:sap:commerce_cloud:1811
Sap » Commerce Cloud » Version: 6.6

cpe:2.3:a:sap:commerce_cloud:6.6
Sap » Commerce Cloud » Version: 6.7

cpe:2.3:a:sap:commerce_cloud:6.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6200

Products

Pricing

Contact Us