2 matches found
CVE-2020-26825
SAP Fiori Launchpad News tile (News tile Application) suffers a Reflected XSS in versions 750–755 due to insufficient encoding of user-controlled inputs, enabling an unauthenticated attacker to send malicious code that can be read and potentially modified in the victim’s browser. Impact per recor...
CVE-2020-26815
CVE-2020-26815 concerns SAP Fiori Launchpad News tile Application, affected in versions 750–755. The connected sources describe a Server-Side Request Forgery (SSRF) vulnerability where an unauthenticated attacker can send a crafted request to a vulnerable web application, potentially exposing sen...