CVE-2020-14728: Vulnerability in SuiteCommerce Advanced Services

Cross-site scripting (XSS) is a technique in which malicious scripts can be injected into your website. Current versions of SuiteCommerce Advanced (SCA) may be vulnerable to CVE-2020-14728. To protect your site from this vulnerability, implement the two patches described in the following table:

| Patch Instruction | Description | Required For |
| --- | --- | --- |
| XSS Vulnerability Patch 1 | Overrides the Application.js or ServiceController.js file, depending on your release, to escape error messages. | Denali, Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, and 2019.2 |
| XSS Vulnerability Patch 2 | Overrides the Backbone.FormView.js file to transform HTML error messages. | Denali, Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, and 2019.2 |
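
The idea behind Patch 1, escaping error messages before a service returns them, shown as an added example. It is not the patch code or the contents of Application.js or ServiceController.js; the function names, the response field names and the sample error are assumptions constructed for illustration.

```javascript
'use strict';

// Characters that can change HTML parsing context, and their entity forms.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape every string in an error payload, including nested details, because
// any of them may echo request input back to the browser.
function sanitizeError(value) {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(sanitizeError);
  if (value && typeof value === 'object') {
    // Object.fromEntries defines own properties, so a "__proto__" key stays data.
    return Object.fromEntries(
      Object.entries(value).map(([key, inner]) => [key, sanitizeError(inner)])
    );
  }
  return value; // numbers, booleans, null and undefined pass through unchanged
}

// Hypothetical error-to-response mapper (field names are assumptions).
function buildErrorResponse(err) {
  return {
    errorStatusCode: Number.isInteger(err.status) ? err.status : 500,
    errorCode: sanitizeError(err.code || 'ERR_UNEXPECTED'),
    errorMessage: sanitizeError(err.message || 'Unexpected error'),
    errorDetails: sanitizeError(err.details || null)
  };
}

// Constructed sample: an error whose message and details echo request input.
const constructedError = {
  status: 400,
  code: 'ERR_BAD_REQUEST',
  message: 'Invalid value for field "email": <img src=x onerror=alert(1)>',
  details: { field: 'email', received: ['<script>1</script>'] }
};

console.log(JSON.stringify(buildErrorResponse(constructedError), null, 2));
```

Escaping at the point where the error is serialized means the markup reaches the browser as inert text, whichever client-side view later renders the message.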
