CVE-2020-6283: XSS
First published: Wed Sep 09 2020(Updated: )
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Fiori Launchpad | =750 | |
| SAP Fiori Launchpad | =752 | |
| SAP Fiori Launchpad | =753 | |
| SAP Fiori Launchpad | =754 | |
| SAP Fiori Launchpad | =755 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap fiori launchpad
- version/sap fiori launchpad/750
- version/sap fiori launchpad/752
- version/sap fiori launchpad/753
- version/sap fiori launchpad/754
- version/sap fiori launchpad/755