CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45278 – Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
https://notcve.org/view.php?id=CVE-2024-45278
08 Oct 2024 — SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3507545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41735 – Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
https://notcve.org/view.php?id=CVE-2024-41735
13 Aug 2024 — SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3483256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •