CVE-2019-0262

Name of the Vulnerable Software and Affected Versions SAP WebIntelligence BILaunchPad versions 4.10, 4.20

Description The issue is related to insufficient encoding of user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) issue. This can be exploited by a remote attacker to perform inter-site scripting attacks.

Recommendations For versions 4.10 and 4.20, consider implementing input validation and encoding for all user-controlled inputs in generated HTML reports to prevent XSS attacks. As a temporary workaround, restrict access to the generated HTML reports until a proper fix is applied.