CVE-2020-6272 is a vulnerability in SAP Commerce Cloud
Published on October 15, 2020

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.

NVD

Products Associated with CVE-2020-6272

Want to know whenever a new CVE is published for SAP Commerce Cloud? stack.watch will email you.

SAP Commerce Cloud

Affected Versions

SAP SE SAP Commerce Cloud:

Version < 1808 is affected.
Version < 1811 is affected.
Version < 1905 is affected.
Version < 2005 is affected.

Exploit Probability

EPSS

0.16%

Percentile

37.06%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-6272 is a vulnerability in SAP Commerce CloudPublished on October 15, 2020

Products Associated with CVE-2020-6272

Affected Versions

Exploit Probability

CVE-2020-6272 is a vulnerability in SAP Commerce Cloud
Published on October 15, 2020