CVE-2020-6272
MEDIUM
SAP Commerce Cloud 1808, 1811, 1905, 2005 - Authenticated Stored Cross-Site Scripting in Web CMS Components
Title source: llm
Description
SAP Commerce Cloud versions 1808, 1811, 1905, and 2005 do not sufficiently encode user input, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. The script can be saved and later triggered when an affected web page is visited, resulting in a Cross-Site Scripting (XSS) vulnerability.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2917381
Scores
CVSS v3: 5.4
EPSS: 0.0016
EPSS Percentile: 36.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (4)
sap/commerce_cloud 1808
sap/commerce_cloud 1811
sap/commerce_cloud 1905
sap/commerce_cloud 2005
Published: Oct 15, 2020
Tracked Since: Feb 18, 2026