CVE-2018-2486

MEDIUM

SAP Marketing UICUAN 1.20-1.40 and SAPSCORE 1.13-1.14 - Cross-Site Scripting

Title source: llm

Description

SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106171

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2705204

Scores

CVSS v3 5.4

EPSS 0.0040

EPSS Percentile 60.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (5)

sap/marketing_sapscore 1.13

sap/marketing_sapscore 1.14

sap/marketing_uicuan 1.20

sap/marketing_uicuan 1.30

sap/marketing_uicuan 1.40

Published Dec 11, 2018

Tracked Since Feb 18, 2026