CVE-2019-0311

2019-06-1216:11:08

sap

www.cve.org

0.001 Low

EPSS

Percentile

36.1%

JSON

Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious code there, resulting in Cross-Site Scripting (XSS) vulnerability.

CNA Affected

[
  {
    "product": "SAP R/3 Enterprise Application",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 6.0"
      },
      {
        "status": "affected",
        "version": "< 6.02"
      },
      {
        "status": "affected",
        "version": "< 6.03"
      },
      {
        "status": "affected",
        "version": "< 6.04"
      },
      {
        "status": "affected",
        "version": "< 6.05"
      },
      {
        "status": "affected",
        "version": "< 6.06"
      },
      {
        "status": "affected",
        "version": "< 6.16"
      },
      {
        "status": "affected",
        "version": "< 6.17"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2728153

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for CVELIST:CVE-2019-0311