CVE-2020-6283

Name of the Vulnerable Software and Affected Versions SAP Fiori Launchpad (affected versions not specified)

Description The issue arises from insufficient encoding of user-controlled inputs, allowing an attacker to inject meta tags into the launchpad HTML using a vulnerable parameter. This results in a reflected Cross-Site Scripting (XSS) issue. A successful attack could enable the theft of a user's authentication information, including data related to their current session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.