Vulnerabilities > SAP > Commerce Backoffice > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-45278 Cross-site Scripting vulnerability in SAP Commerce Backoffice 2205/2211
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2024-08-13 CVE-2024-41735 Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.
network
low complexity
sap CWE-79
5.4