CVE-2024-45278 Information

Description

SAP Commerce Backoffice does not sufficiently encode user controlled inputs resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Reference

https://me.sap.com/notes/3507545 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday