Cross-Site Scripting Vulnerability in SAP Business Objects BI Launchpad
CVE-2020-6281
6.1MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 July 2020
What is CVE-2020-6281?
The SAP Business Objects Business Intelligence Platform (BI Launchpad) version 4.2 is vulnerable to a Cross-Site Scripting (XSS) attack due to improper encoding of user-controlled inputs. This flaw allows an attacker to inject malicious scripts, which can then be executed in the context of other users' sessions, posing significant security risks as it may lead to data theft, session hijacking, and user impersonation. Proper validation and encoding mechanisms should be implemented to mitigate this vulnerability.
Affected Version(s)
SAP Business Objects Business Intelligence Platform (BI Launchpad) < 4.2