CVE

Id
93678  
CVE No.
CVE-2016-6858  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.  
Phase
Assigned (20160818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
794322 93678 CVE-2016-6858 MISC:https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-685X_SAP-Hybris_XSS.txt  View
794323 93678 CVE-2016-6858 BID:93966  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
5346 JVNDB-2016-006119 Symantec NetBackup 用 NetApp Plug-in におけるサーバになりすまされる脆弱性 Symantec NetBackup 用 NetApp Plug-in は、固有でないサーバ証明書を使用するため、サーバになりすまされる脆弱性が存在します。 CVE-2016-7171 93678 6.8 5.6 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-006119.html  View