CVE-2020-6300
published 2020-08-12CVE-2020-6300: SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | businessobjects_business_intelligence_platform | — | — |
| sap | businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_business_objects_business_intelligence_platform | < 4.2 | 4.2 |
| sap_se | sap_business_objects_business_intelligence_platform | < 4.3 | 4.3 |