SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the malicious user to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap fiori launchpad 753 |
||
sap fiori launchpad 754 |