CVE-2019-0262
published 2019-02-15CVE-2019-0262: SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | businessobjects_bi_platform | — | — |
| sap | businessobjects_bi_platform | — | — |
| sap_se | sap_webintelligence_bilaunchpad | < 4.10 | 4.10 |
| sap_se | sap_webintelligence_bilaunchpad | < 4.20 | 4.20 |