CVE-2020-6278
MEDIUMSAP BusinessObjects Business Intelligence Platform 4.1-4.2 - Stored Cross-Site Scripting via Image Upload
Title source: llmDescription
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2912708
Scores
CVSS v3
5.4
EPSS
0.0014
EPSS Percentile
33.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
sap/businessobjects_business_intelligence_platform
4.1
sap/businessobjects_business_intelligence_platform
4.2
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026