- Description
- SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client with no effect on availability.
- Source
- cna@sap.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cna@sap.com
- CWE-79
- Hype score
- Not currently trending
๐จ CVE-2025-24867 ๐ MEDIUM (6.1) ๐ข SAP_SE - SAP BusinessObjects Platform (BI Launchpad) ๐๏ธ ENTERPRISE 430 ๐ https://t.co/7vJz5l0ho1 ๐ https://t.co/f5sXJgkGmG #CyberCron #VulnAlert https://t.co/ccB3nivhjz
@cybercronai
12 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24867 SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an โฆ https://t.co/H4Sb9zyQzO
@CVEnew
11 Feb 2025
330 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes