28 matches found
EUVD-2016-7742
Malware in sbrugna...
EUVD-2016-7741
Malware in sbrugna...
EUVD-2016-7743
Malware in sbrugna...
EUVD-2018-14318
Malware in sbrugna...
EUVD-2016-7744
Malware in sbrugna...
The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows a hacker to influence the confidentiality of protected information.
The vulnerability of the Omni Commerce Connect OCC application interface in the SAP Commerce Cloud and SAP Hybris Commerce platforms is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the...
CVE-2019-0238
SAP Commerce previously known as SAP Hybris Commerce, before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0238
Summary: SAP Commerce (formerly SAP Hybris Commerce) before version 6.7 contains an XSS vulnerability caused by insufficient encoding of user-controlled inputs. This is documented in multiple sources (NVD CVE-2019-0238 and CNVD entry). Affected scope: pre-6.7 versions; no exact exploitation detai...
CVE-2018-2505
SAP Commerce (Hybris) storefronts are affected by an input validation issue that can lead to Cross-Site Scripting (XSS). The vulnerability arises from insufficient validation of user-controlled inputs. Fixed in SAP Hybris Commerce versions 6.2, 6.3, 6.4, 6.5, 6.6, and 6.7. The CVE describes a cli...
CVE-2018-2463
The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...
CVE-2018-2463
The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...
Server side request forgery (ssrf)
The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...
CVE-2018-2463
The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...
CVE-2016-6857
Cross-site scripting XSS vulnerability in the Create Catalogue feature in Hybris Management Console HMC in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote...
CVE-2016-6856
Cross-site scripting XSS vulnerability in the Inbox Search feature in Hybris Management Console HMC in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter...
CVE-2016-6858
Cross-site scripting XSS vulnerability in the Create Employee feature in Hybris Management Console HMC in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x...
CVE-2016-6857
Cross-site scripting XSS vulnerability in the Create Catalogue feature in Hybris Management Console HMC in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote...
Cross site scripting
Cross-site scripting XSS vulnerability in the Create Employee feature in Hybris Management Console HMC in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x...
Cross site scripting
Cross-site scripting XSS vulnerability in the Create Catalogue feature in Hybris Management Console HMC in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote...
CVE-2016-6856
Cross-site scripting XSS vulnerability in the Inbox Search feature in Hybris Management Console HMC in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter...