CVE-2020-6210
published 2020-03-10CVE-2020-6210: SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | fiori_launchpad | — | — |
| sap | fiori_launchpad | — | — |
| sap_se | sap_fiori_launchpad | < 753 | 753 |
| sap_se | sap_fiori_launchpad | < 754 | 754 |