CVE-2018-2410

Sažetak

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.

Reference

http://www.securityfocus.com/bid/103704
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
https://launchpad.support.sap.com/#/notes/2582870

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:40

Objavljeno

10-04-2018 - 15:29