Vulnerabilities > SAP > Commerce Webservices 2 0 > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-41266 Cross-site Scripting vulnerability in SAP Commerce Webservices 2.0
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack.
network
low complexity
sap CWE-79
6.1