SAP Commerce Backoffice does not sufficiently
encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)
vulnerability causing low impact on confidentiality and integrity of the
application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3483256 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2024-08-13 04:15
Updated : 2024-09-12 13:53
NVD link : CVE-2024-41735
Mitre link : CVE-2024-41735
CVE.ORG link : CVE-2024-41735
JSON object : View
Products Affected
sap
- commerce_backoffice
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')