CVE-2020-6200 is a vulnerability in SAP Commerce Cloud
Published on March 10, 2020
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.
Products Associated with CVE-2020-6200
Want to know whenever a new CVE is published for SAP Commerce Cloud? stack.watch will email you.
Affected Versions
SAP SE SAP Commerce Cloud (SmartEdit Extension):- Version < 6.6 is affected.
- Version < 6.7 is affected.
- Version < 1808 is affected.
- Version < 1811 is affected.
Exploit Probability
EPSS
0.40%
Percentile
60.38%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.