An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
2022-09-13T16:15:09.110
2025-06-10T14:15:24.157
Modified
CVSSv3.1: 6.1 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | sap | netweaver_application_server_abap | 7.54 | Yes |
Application | sap | netweaver_application_server_abap | 7.81 | Yes |
Application | sap | netweaver_application_server_abap | 7.85 | Yes |
Application | sap | netweaver_application_server_abap | 7.89 | Yes |
Application | sap | netweaver_application_server_abap | kernel_7.77 | Yes |