CVE-2022-41266

Published: 13/12/2022 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by a malicious user to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce.

Vulnerable Product

sap commerce webservices 2.0 1905

sap commerce webservices 2.0 2005

sap commerce webservices 2.0 2105

sap commerce webservices 2.0 2011

sap commerce webservices 2.0 2205