CVE-2020-26825 Information
Description
SAP Fiori Launchpad (News tile Application), versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to use the SAP Fiori Launchpad News tile Application to send malicious code to a different end user (victim), because the News tile does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser, and the victim can easily close the browser tab to terminate it.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://launchpad.support.sap.com/#/notes/2984627
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM