PT-2020-19002 · Sap · Sap Commerce
Published: 2020-03-10 · Updated: 2020-03-12 · CVE-2020-6201
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Commerce (Testweb Extension) versions 6.6, 6.7, 1808, 1811, 1905
Description
The issue arises from insufficient encoding of user-controlled input. Certain GET URL parameters are reflected in HTTP responses without proper escaping or sanitization, leading to reflected Cross-Site Scripting (XSS).
Recommendations
For versions 6.6, 6.7, 1808, 1811, 1905, ensure that user-controlled input is properly encoded and sanitized before it is reflected into a response, to prevent reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to the sensitive GET URL parameters until a proper fix is applied.
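The following is an added example written for this record; it is not SAP code and does not reproduce the Testweb extension. It shows, in Python, the pattern the description refers to (a GET parameter reflected verbatim into the response body) next to the context-aware output encoding the recommendation calls for. The URL, the parameter name `q` and the sample values are constructed assumptions, not identifiers from the advisory.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample request; the host and the parameter name "q" are
# assumptions for this example, not values taken from the advisory.
SAMPLE_URL = "https://shop.example/search?q=%3Ci%3Eprobe%3C/i%3E"

# Characters that change meaning when they reach an HTML parser unencoded.
MARKUP_CHARS = "<>\"'&"


def get_param(url: str, name: str) -> str:
    """Return the URL-decoded value of a GET parameter (first occurrence, or '')."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(value: str) -> str:
    """Reflect the parameter verbatim into an HTML text node.

    This is the defect class the advisory describes: no escaping at all.
    """
    return f"<p>Results for: {value}</p>"


def render_hardened(value: str) -> str:
    """Entity-encode the value for an HTML text-node context before reflecting it."""
    return f"<p>Results for: {html.escape(value, quote=False)}</p>"


def render_attribute_hardened(value: str) -> str:
    """Attribute context: quote=True additionally encodes the quote characters,
    so a value cannot terminate the attribute it is placed in."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def is_reflected_raw(value: str, page: str) -> bool:
    """Detection check: True when a value containing markup-significant
    characters appears in the page exactly as submitted (i.e. unencoded)."""
    has_markup = any(c in value for c in MARKUP_CHARS)
    return has_markup and value in page


if __name__ == "__main__":
    q = get_param(SAMPLE_URL, "q")
    print("vulnerable :", render_vulnerable(q))
    print("hardened   :", render_hardened(q))
    print("attribute  :", render_attribute_hardened('" data-x="1'))
    print("raw reflection detected:", is_reflected_raw(q, render_vulnerable(q)))
```

The `is_reflected_raw` check is the kind of assertion a response-inspection test can apply to any endpoint that echoes request parameters: if the submitted value contains markup characters and comes back byte-for-byte, encoding is missing for that parameter. Note that the correct encoder depends on where the value lands (text node, attribute, URL, JavaScript), so one escaping function is not sufficient for every sink.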
Fix
XSS
Affected Products
Sap Commerce