Cross site scripting

2016-12-3107:59:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.

CPENameOperatorVersion
hybrisge5.2.0
hybrislt5.2.0.13
hybrisge5.3.0
hybrislt5.3.0.11
hybrisge5.4.0
hybrislt5.4.0.11
hybrisge5.5.0
hybrislt5.5.0.10
hybrisge5.5.1
hybrislt5.5.1.11