CVE-2020-14728: Vulnerability in SuiteCommerce Advanced Services
Cross-site Scripting (XSS) is a technique where malicious scripts may be injected into your website. Current versions of SuiteCommerce Advanced (SCA) may be vulnerable to CVE-2020-14728. These instructions describe how to protect your site from this vulnerability. To protect your site, implement two patches as described in the following table:
| Patch Instruction | Description | Required For |
|---|---|---|
| | Overrides the Application.js or ServiceController.js file, depending on your release, to escape error messages. | Denali, Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, and 2019.2 |
| | Overrides the Backbone.FormView.js file to transform HTML error messages. | Denali, Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, and 2019.2 |
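The first patch escapes error messages before a service returns them. The sketch below is an added illustration of that idea, not the SuiteCommerce Advanced patch code. The function names, the response field names, and the sample error are assumptions constructed for this example.

```javascript
// Added illustration: HTML-escape error text before it leaves a service.
// Not the SCA patch; all names and the sample input are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;'
};

// Replace every character that can open a tag, an attribute or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Normalize the error shapes a service may throw (plain string or object)
// into one payload whose text fields are safe to place into HTML.
function buildErrorResponse(err) {
  let status = 500;
  let code = 'ERR_UNEXPECTED';
  let message = 'Internal error';

  if (typeof err === 'string') {
    message = err;
  } else if (err && typeof err === 'object') {
    if (Number.isInteger(err.status)) status = err.status;
    if (err.code) code = err.code;
    if (err.message || err.details) message = err.message || err.details;
  }

  return {
    errorStatusCode: status,
    errorCode: escapeHtml(code),
    errorMessage: escapeHtml(message)
  };
}

// Constructed sample: an error message that echoes request input with markup.
const sample = {
  status: 400,
  code: 'ERR_BAD_REQUEST',
  message: 'Invalid id: <b onmouseover="x()">1</b>'
};
console.log(JSON.stringify(buildErrorResponse(sample)));
```

Escape exactly once, at the point where the message is built. Escaping an already escaped message again turns `&lt;` into `&amp;lt;` and shows entity text to the user.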