CVE-2016-6857

Name of the Vulnerable Software and Affected Versions SAP Hybris versions prior to 5.2.0.13 SAP Hybris versions 5.3.x prior to 5.3.0.11 SAP Hybris versions 5.4.x prior to 5.4.0.11 SAP Hybris versions 5.5.0.x prior to 5.5.0.10 SAP Hybris versions 5.5.1.x prior to 5.5.1.11 SAP Hybris versions 5.6.x prior to 5.6.0.11 SAP Hybris versions 5.7.x prior to 5.7.0.15

Description A cross-site scripting (XSS) issue exists in the Create Catalogue feature of the Hybris Management Console (HMC) due to improper validation of user input in the ID field. This allows remote authenticated users to inject arbitrary web script or HTML, potentially leading to unauthorized actions or data exposure.

Recommendations For SAP Hybris versions prior to 5.2.0.13, update to version 5.2.0.13 or later. For SAP Hybris versions 5.3.x prior to 5.3.0.11, update to version 5.3.0.11 or later. For SAP Hybris versions 5.4.x prior to 5.4.0.11, update to version 5.4.0.11 or later. For SAP Hybris versions 5.5.0.x prior to 5.5.0.10, update to version 5.5.0.10 or later. For SAP Hybris versions 5.5.1.x prior to 5.5.1.11, update to version 5.5.1.11 or later. For SAP Hybris versions 5.6.x prior to 5.6.0.11, update to version 5.6.0.11 or later. For SAP Hybris versions 5.7.x prior to 5.7.0.15, update to version 5.7.0.15 or later.