MEDIUM 5.4
CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| sap | successfactors | Android | ≤b1702p5e.1190658 | cpe:2.3:a:sap:successfactors:*:*:*:*:*:*:*:* |
| sap | successfactors | iOS | ≤b1702p5e.1190658 | cpe:2.3:a:sap:successfactors:*:*:*:*:*:*:*:* |