4 matches found
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2020-6210
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...
WideStand CMS Cross-Site Scripting Vulnerability
WideStand CMS is a content management system from WideStand, Inc. A cross-site scripting vulnerability exists in WideStand CMS versions prior to 5.3.5 that stems from the direct use of the query's URL content to generate one of the meta tags, which would allow an attacker to inject HTML/Javascrip...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...