2 matches found
CVE-2019-0298
The CVE-2019-0298 entry affects SAP E-Commerce (B2C) with a vulnerability caused by insufficient encoding of user-controlled inputs, resulting in cross-site scripting (XSS). Affected components are SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, and SAP-SHRAPP, across versions 7.30, 7...
CVE-2019-0308
SAP E-Commerce (Business-to-Consumer) vulnerable in versions 7.3, 7.31, 7.32, 7.33, and 7.54 due to an HTML injection that executes during user login. This allows an authenticated attacker to alter product prices to zero and perform checkout, revealing a Code Injection risk. Root cause is imprope...