CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://launchpad.support.sap.com/#/notes/2917381
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://launchpad.support.sap.com/#/notes/2917381
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Products affected by CVE-2020-6272

Sap » Commerce Cloud » Version: 1808

cpe:2.3:a:sap:commerce_cloud:1808
Sap » Commerce Cloud » Version: 1811

cpe:2.3:a:sap:commerce_cloud:1811
Sap » Commerce Cloud » Version: 1905

cpe:2.3:a:sap:commerce_cloud:1905
Sap » Commerce Cloud » Version: 2005

cpe:2.3:a:sap:commerce_cloud:2005

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6272

Products

Pricing

Contact Us