CVE-2022-39799 Information

Description

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

Reference

https://launchpad.support.sap.com/#/notes/3229820 https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3