Cross-Site Scripting Vulnerability in SAP BusinessObjects Fiori Launchpad
CVE-2019-0251

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (fiori LauncHPad)
Vendor: CVE Published:; 15 February 2019

Summary

The Fiori Launchpad of SAP BusinessObjects, prior to versions 4.2 and 4.3, is susceptible to a Cross-Site Scripting vulnerability due to insufficient encoding of user-controlled inputs. Attackers can exploit this flaw to inject malicious scripts into web pages that users may visit, potentially compromising user data or performing malicious actions on behalf of the user. Organizations using affected versions should prioritize updating their products to safeguard against this vulnerability.