cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24874,https://securityvulnerability.io/vulnerability/CVE-2025-24874,Clickjacking Vulnerability in SAP Commerce Backoffice,"SAP Commerce's Backoffice currently employs the deprecated X-FRAME-OPTIONS header to mitigate clickjacking attacks. While effective now, there are concerns that future browser updates may eliminate support for this header, replacing it with the frame-ancestors Content Security Policy directive. Such changes could leave systems vulnerable to clickjacking attempts, potentially allowing attackers to manipulate and gain access to sensitive information. Businesses using SAP Commerce should evaluate their security posture and prepare for this possible transition.",SAP,SAP Commerce (backoffice),6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T00:37:22.842Z,0
CVE-2024-45278,https://securityvulnerability.io/vulnerability/CVE-2024-45278,SAP Commerce Backoffice vulnerable to XSS,"SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.",SAP,SAP Commerce Backoffice,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-08T03:21:25.904Z,0
CVE-2024-41735,https://securityvulnerability.io/vulnerability/CVE-2024-41735,SAP Commerce Backoffice Unsecured User-Controlled Inputs Lead to Cross-Site Scripting (XSS) Vulnerability,"SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.",SAP,SAP Commerce Backoffice,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-13T03:49:48.215Z,0
CVE-2021-27619,https://securityvulnerability.io/vulnerability/CVE-2021-27619,Information Disclosure Vulnerability in SAP Commerce Backoffice Search,"SAP Commerce, specifically within its Backoffice Search functionality, presents a vulnerability where low privileged users can perform searches for attributes intended to remain concealed. Despite the search results being masked, users can exploit the system by incrementally inputting characters, enabling them to reveal sensitive attribute values and leading to potential information disclosure. This flaw poses risks to the confidentiality of user data and requires prompt attention to mitigate potential exposure.",SAP,SAP Commerce (backoffice Search),6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2021-05-11T14:19:33.000Z,0