2 matches found
CVE-2019-0308
An authenticated attacker in SAP E-Commerce Business-to-Consumer application, versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even...
CVE-2019-0308
SAP E-Commerce (Business-to-Consumer) vulnerable in versions 7.3, 7.31, 7.32, 7.33, and 7.54 due to an HTML injection that executes during user login. This allows an authenticated attacker to alter product prices to zero and perform checkout, revealing a Code Injection risk. Root cause is imprope...