Published: 13/11/2020 Updated: 24/11/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Fiori Launchpad \(news Tile Application\)

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized malicious user to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap fiori launchpad \\(news tile application\\) 750
sap fiori launchpad \\(news tile application\\) 751
sap fiori launchpad \\(news tile application\\) 752
sap fiori launchpad \\(news tile application\\) 753
sap fiori launchpad \\(news tile application\\) 754
sap fiori launchpad \\(news tile application\\) 755

CWE-79 https://launchpad.support.sap.com/#/notes/2984627 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-26825

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect