CVE-2020-6201 is a vulnerability in SAP Commerce Cloud
Published on March 10, 2020
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.
Products Associated with CVE-2020-6201
Want to know whenever a new CVE is published for SAP Commerce Cloud? stack.watch will email you.
Affected Versions
SAP SE SAP Commerce Cloud (Testweb Extension):- Version < 6.6 is affected.
- Version < 6.7 is affected.
- Version < 1808 is affected.
- Version < 1811 is affected.
- Version < 1905 is affected.
Exploit Probability
EPSS
0.37%
Percentile
58.48%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.