PT-2019-11226 · Sap · Sap Commerce
Published
2019-06-12
·
Updated
2021-07-21
·
CVE-2019-0308
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
SAP E-Commerce (Business-to-Consumer application) versions 7.3, 7.31, 7.32, 7.33, 7.54
Description:
The issue allows an authenticated attacker to inject HTML code into the application, which will be executed when the victim logs in, potentially on a different machine. This can lead to code injection, enabling the attacker to change the price of a product to zero and complete checkout.
Recommendations:
For SAP E-Commerce (Business-to-Consumer application) versions 7.3, 7.31, 7.32, 7.33, 7.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Commerce