Vulmon
hybris vulnerabilities and exploits
383
VMScore
CVE-2018-2505
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Sap Hybris 6.2
Sap Hybris 6.4
Sap Hybris 6.5
Sap Hybris 6.6
Sap Hybris 6.3
Sap Hybris 6.7
383
VMScore
CVE-2019-0238
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Sap Hybris
1 Article
383
VMScore
CVE-2016-6856
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris prior to 6.0 allows remote malicious users to inject arbitrary web script or HTML via the itemsperpage parameter.
Sap Hybris
445
VMScore
CVE-2018-2463
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.
Sap Hybris
312
VMScore
CVE-2016-6857
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.2.0.13, 5.3.x prior to 5.3.0.11, 5.4.x prior to 5.4.0.11, 5.5.0.x prior to 5.5.0.10, 5.5.1.x prior to 5.5.1.11, 5.6.x prior to 5.6.0.11, and 5.7.x ...
Sap Hybris
312
VMScore
CVE-2016-6858
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.0.4.11, 5.1.0.x prior to 5.1.0.11, 5.1.1.x prior to 5.1.1.12, 5.2.0.x and 5.3.0.x prior to 5.3.0.10, 5.4.x prior to 5.4.0.9, 5.5.0.x prior to 5.5.0....
Sap Hybris
356
VMScore
CVE-2016-6859
Hybris Management Console (HMC) in SAP Hybris prior to 6.0 allows remote malicious users to obtain sensitive information by triggering an error and then reading a Java stack trace.
Sap Hybris
445
VMScore
CVE-2014-8871
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and previous versions, 5.0.0.3 and previous versions, 5.0.4.4 and previous versions, 5.1.0.1 and previous versions, 5.1.1.2 and previous versions, 5.2.0.3 and previous versions, and 5.3.0.1 and previous v...
Sap Hybris
445
VMScore
CVE-2020-26811
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated malicious user to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request l...
Sap Commerce Cloud (accelerator Payment Mock) 1808
Sap Commerce Cloud (accelerator Payment Mock) 1811
Sap Commerce Cloud (accelerator Payment Mock) 1905
Sap Commerce Cloud (accelerator Payment Mock) 2005
445
VMScore
CVE-2019-0322
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows a malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Sap Commerce Cloud 6.6
Sap Commerce Cloud 1808
Sap Commerce Cloud 6.3
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1811