{"vulnerability": "CVE-2022-41266", "sightings": [{"uuid": "6d2ca205-fe2f-4c79-9bfb-bf71f7e30320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41266", "type": "seen", "source": "https://t.me/cibsecurity/54379", "content": "\u203c CVE-2022-41266 \u203c\n\nDue to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T07:21:28.000000Z"}]}