CVE-2018-2486

Name of the Vulnerable Software and Affected Versions: SAP Marketing versions 1.20 through 1.40 SAP Marketing component SAPSCORE versions 1.13 through 1.14

Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to perform inter-site script attacks.

Recommendations: For SAP Marketing versions 1.20 through 1.40, update the UICUAN component to a version that properly encodes user-controlled inputs. For SAP Marketing component SAPSCORE versions 1.13 through 1.14, update the SAPSCORE component to a version that properly encodes user-controlled inputs. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.