← Back

E Commerce

e-commerce

Vendor: Sap • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-0308
1Sap
1E Commerce
Nov 21, 2024
Jun 12, 2019
N/A· v4
6.8 MEDIUM· v3
3.5 LOW· v2
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the applic...Show more
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.Show less
CVE-2019-0298
1Sap
1E Commerce
Nov 21, 2024
May 14, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SH...Show more
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.Show less