CVE-2022-22546

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 45.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects WEB Intelligence (BI Launchpad)SAP Businessobjects WEB Intelligence

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_business_objects_web_intelligence_(bi_launchpad)420

▶NVDsap/businessobjects_web_intelligence420

🔴Vulnerability Details

GHSA

GHSA-qp9c-ch5v-22fj: Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence↗2022-02-11

▶

CVEList

CVE-2022-22546: Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence↗2022-02-09

▶