PT-2022-25777 · SAP · SAP Commerce Webservices

Published: 2022-12-13 · Updated: 2022-12-15 · CVE-2022-41266

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205

Description: The issue is due to a lack of proper input validation, allowing malicious inputs from untrusted sources. This can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack, potentially leading to the theft of user tokens and a full account takeover, including access to administrative tools in SAP Commerce.

Recommendations: For versions 1905, 2005, 2105, 2011, 2205, update to a version that includes proper input validation to prevent malicious inputs from being processed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: XSS

Related Identifiers: CVE-2022-41266

Affected Products: SAP Commerce Webservices