Vulnerability Name: | CVE-2016-6857 (CCN-120306)
Assigned: | 2016-09-14
Published: | 2016-09-14
Updated: | 2019-03-07
Summary: | Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Vulnerability Type: | CWE-79
Vulnerability Consequences: | Cross-Site Scripting
References: |
Source: MITRE Type: CNA CVE-2016-6857
Source: BID Type: Third Party Advisory, VDB Entry 93960
Source: CCN Type: BID-93960 SAP Hybris Management Console CVE-2016-6857 HTML Injection Vulnerability
Source: XF Type: UNKNOWN sap-hmc-cve20166857-xss(120306)
Source: CCN Type: SAP Hybris Web site hybris Wiki: Dashboard
Source: CCN Type: COMPASS SECURITY ADVISORY Multiple XSS Vulnerabilities in the Hybris Management Console (HMC)
Source: MISC Type: Third Party Advisory https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-685X_SAP-Hybris_XSS.txt
Vulnerable Configuration: | Configuration 1: