CVE-2016-6858

Name of the Vulnerable Software and Affected Versions SAP Hybris versions prior to 5.0.4.11 SAP Hybris versions 5.1.0.x prior to 5.1.0.11 SAP Hybris versions 5.1.1.x prior to 5.1.1.12 SAP Hybris versions 5.2.0.x SAP Hybris versions 5.3.0.x prior to 5.3.0.10 SAP Hybris versions 5.4.x prior to 5.4.0.9 SAP Hybris versions 5.5.0.x prior to 5.5.0.9 SAP Hybris versions 5.5.1.x prior to 5.5.1.10 SAP Hybris versions 5.6.x prior to 5.6.0.8 SAP Hybris versions 5.7.x prior to 5.7.0.9

Description A cross-site scripting (XSS) issue exists in the Create Employee feature of the Hybris Management Console (HMC) due to improper validation of user input in the Name field. This allows remote authenticated users to inject arbitrary web script or HTML.

Recommendations For versions prior to 5.0.4.11, update to version 5.0.4.11 or later. For versions 5.1.0.x prior to 5.1.0.11, update to version 5.1.0.11 or later. For versions 5.1.1.x prior to 5.1.1.12, update to version 5.1.1.12 or later. For versions 5.2.0.x, update to a version with the fix. For versions 5.3.0.x prior to 5.3.0.10, update to version 5.3.0.10 or later. For versions 5.4.x prior to 5.4.0.9, update to version 5.4.0.9 or later. For versions 5.5.0.x prior to 5.5.0.9, update to version 5.5.0.9 or later. For versions 5.5.1.x prior to 5.5.1.10, update to version 5.5.1.10 or later. For versions 5.6.x prior to 5.6.0.8, update to version 5.6.0.8 or later. For versions 5.7.x prior to 5.7.0.9, update to version 5.7.0.9 or later.