PT-2020-19067 · Sap · Sap Commerce Cloud

Published: 2020-10-15 · Updated: 2020-10-19 · CVE-2020-6272

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP Commerce Cloud versions 1808, 1811, 1905, 2005

Description

The issue arises from insufficient encoding of user inputs, allowing an authenticated and authorized content manager to inject malicious script into several web CMS components. These scripts can be saved and later triggered when an affected web page is visited, resulting in a Cross-Site Scripting (XSS) issue.

Recommendations

For SAP Commerce Cloud versions 1808, 1811, 1905 and 2005, update the input encoding mechanism to prevent malicious script injection.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-6272

Affected Products

Sap Commerce Cloud