CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.
References
Configurations

Configuration 1

cpe:2.3:a:sap:business_objects_business_intelligence_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:4.2:*:*:*:*:*:*:*

Information

Published : 2022-06-06 08:15

Updated : 2022-06-14 04:49


NVD link : CVE-2020-6220

Mitre link : CVE-2020-6220

Products Affected
No products.
CWE