Cross-Site Scripting in SAP Business Objects BI Platform by SAP
CVE-2020-6231
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 April 2020
What is CVE-2020-6231?
The SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), particularly in version 4.2, is susceptible to Cross-Site Scripting (XSS) attacks due to inadequate encoding of user-controlled inputs. This vulnerability allows attackers to inject malicious scripts, potentially compromising the security of users' sessions and exposing sensitive data. Implementing proper input validation and output encoding practices is essential to mitigate the risks associated with such vulnerabilities.
Affected Version(s)
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2