PT-2025-10680 · SAP · SAP Commerce

Published: 2025-03-11 · Updated: 2025-04-01 · CVE-2025-27434

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SAP Commerce (affected versions not specified)

Description: The issue is caused by insufficient input validation in SAP Commerce (Swagger UI), allowing an unauthenticated attacker to inject malicious code from remote sources. This can be leveraged to execute a cross-site scripting (XSS) attack, potentially leading to a high impact on data confidentiality, integrity, and availability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-03998
CVE-2025-27434

Affected Products

SAP Commerce