CVE

Id
93677  
CVE No.
CVE-2016-6857  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.  
Phase
Assigned (20160818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
794320 93677 CVE-2016-6857 MISC:https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-685X_SAP-Hybris_XSS.txt  View
794321 93677 CVE-2016-6857 BID:93960  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
5374 JVNDB-2016-006147 QEMU の hw/display/vmware_vga.c の vmsvga_fifo_run 関数におけるサービス運用妨害 (DoS) の脆弱性 QEMU (別名 Quick Emulator) の hw/display/vmware_vga.c の vmsvga_fifo_run 関数には、サービス運用妨害 (境界外書き込みおよび QEMU プロセスクラッシュ) 状態にされる脆弱性が存在します。 CVE-2016-7170 93677 2.1 4.4 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-006147.html  View