CVE-2020-6278

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) versions 4.1, 4.2

Description The issue allows an attacker to embed malicious scripts in the application while uploading images. These scripts get executed when the victim opens the affected files, leading to Stored Cross Site Scripting.

Recommendations For versions 4.1 and 4.2, consider restricting image upload functionality until a fix is available. As a temporary workaround, avoid opening files from untrusted sources to minimize the risk of exploitation.