Vulnerabilities > SAP > Hybris > 6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-08 | CVE-2019-0238 | Cross-site Scripting vulnerability in SAP Hybris SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-12-11 | CVE-2018-2505 | Cross-site Scripting vulnerability in SAP Hybris SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. | 6.1 |
| 2018-09-11 | CVE-2018-2463 | Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. | 8.6 |