CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 4.3

References

https://launchpad.support.sap.com/#/notes/2865229
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
https://launchpad.support.sap.com/#/notes/2865229
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Products affected by CVE-2020-6283

Sap » Fiori Launchpad » Version: 750

cpe:2.3:a:sap:fiori_launchpad:750
Sap » Fiori Launchpad » Version: 752

cpe:2.3:a:sap:fiori_launchpad:752
Sap » Fiori Launchpad » Version: 753

cpe:2.3:a:sap:fiori_launchpad:753
Sap » Fiori Launchpad » Version: 754

cpe:2.3:a:sap:fiori_launchpad:754
Sap » Fiori Launchpad » Version: 755

cpe:2.3:a:sap:fiori_launchpad:755

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6283

Products

Pricing

Contact Us