Reflected Cross-Site Scripting in SAP Fiori Launchpad
CVE-2020-6283
4.8MEDIUM
What is CVE-2020-6283?
SAP Fiori Launchpad suffers from a reflected Cross-Site Scripting vulnerability due to inadequate encoding of user-controlled inputs. This flaw allows attackers to inject malicious meta tags into the launchpad's HTML, potentially stealing sensitive user information, including authentication tokens and session data. Effective security measures should be implemented to mitigate the risks associated with this vulnerability.
Affected Version(s)
SAP Fiori(Launchpad) < 750 < 750
SAP Fiori(Launchpad) < 752 < 752
SAP Fiori(Launchpad) < 753 < 753