Hybris Security Vulnerabilities and Issues — Hybris CVE List

Lucene search

SapHybris

3 matches found

CVE•added 2019/01/08 8:29 p.m.•53 views

CVE-2019-0238

SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1CVSS6AI score0.00332EPSS

CVE•added 2018/12/11 11:0 p.m.•41 views

CVE-2018-2505

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).

6.1CVSS5.9AI score0.00443EPSS

CVE•added 2016/12/31 7:59 a.m.•32 views

CVE-2016-6856

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.

6.1CVSS6AI score0.00233EPSS