SAP Commerce Backoffice does not sufficiently
encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)
vulnerability causing low impact on confidentiality and integrity of the
application.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 12 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap commerce Backoffice
CPEs cpe:2.3:a:sap:commerce_backoffice:hy_com_2205:*:*:*:*:*:*:*
Vendors & Products Sap
Sap commerce Backoffice

Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 04:00:00 +0000

Type Values Removed Values Added
Description SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.
Title Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2024-08-13T14:44:24.355Z

Reserved: 2024-07-22T08:06:52.677Z

Link: CVE-2024-41735

cve-icon Vulnrichment

Updated: 2024-08-13T14:44:20.609Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T04:15:09.323

Modified: 2024-09-12T13:53:32.993

Link: CVE-2024-41735

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.