CVE-2018-2410: XSS
First published: Tue Apr 10 2018(Updated: )
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business One | =9.2 | |
| Sap Business One | =9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-2410.
What is the severity of CVE-2018-2410?
The severity of CVE-2018-2410 is medium with a CVSS score of 5.4.
What is the affected software?
The affected software is SAP Business One version 9.2 and 9.3.
How does the vulnerability manifest?
The vulnerability manifests as a Cross-Site Scripting (XSS) vulnerability.
Are there any references for CVE-2018-2410?
Yes, there are references available for CVE-2018-2410. You can find them at the following links: [SecurityFocus](http://www.securityfocus.com/bid/103704), [SAP Security Patch Day](https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/), [SAP Support Note](https://launchpad.support.sap.com/#/notes/2582870)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/sap
- canonical/sap business one
- version/sap business one/9.2
- version/sap business one/9.3