SAP Commerce SmartEdit Extension AngularJS Template Injection Vulnerability

Vulnerability

A client-side AngularJS template injection vulnerability, which is a variant of Cross-Site Scripting (XSS), has been identified in the SAP Commerce SmartEdit Extension. This issue affects versions 6.6, 6.7, 1808, and 1811. The vulnerability arises from the exploitation of the templating capabilities of the Angular framework.

Impact

Exploitation of this vulnerability allows for client-side AngularJS template injection, leading to a Cross-Site Scripting (XSS) vulnerability.

Added: May 15, 2026, 9:24 AM

Updated: May 15, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Commerce SmartEdit Extension AngularJS Template Injection Vulnerability

Vulnerability

Impact

Affected Products

SAP Commerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating