CVE-2025-24867

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Platform (BI Launchpad) (affected versions not specified)

Description: The issue arises from insufficient handling of user input, resulting in a Cross-Site Scripting (XSS) vulnerability. This allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.