PT-2020-19001 · Google+1 · Angularjs+1

Published: 2020-03-10 · Updated: 2020-03-11 · CVE-2020-6200

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP Commerce (SmartEdit Extension) versions 6.6, 6.7, 1808, 1811

Description

The issue is related to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the AngularJS framework.

Recommendations

For versions 6.6, 6.7, 1808, and 1811, consider disabling the AngularJS template injection functionality until a patch is available. Restrict access to the templating facilities of the AngularJS framework to minimize the risk of exploitation. Avoid using the vulnerable AngularJS template injection in the affected SAP Commerce (SmartEdit Extension) until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-6200

Affected Products

AngularJS
SAP Commerce