Описание
SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client with no effect on availability.
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client with no effect on availability.
Уязвимость компонента BI Launchpad платформы бизнес-аналитики SAP BusinessObjects Business Intelligence Platform, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
EPSS
6.1 Medium
CVSS3