cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24867,https://securityvulnerability.io/vulnerability/CVE-2025-24867,Cross-Site Scripting Vulnerability in SAP BusinessObjects Platform,"The SAP BusinessObjects Platform, specifically the BI Launchpad, suffers from a significant security flaw due to inadequate handling of user input. This flaw enables an unauthenticated attacker to create a crafted link that includes a malicious script within an unprotected parameter. When a victim interacts with this link, the embedded script executes in the browser context, potentially allowing the attacker to manipulate or access sensitive information related to the user's session without impacting the overall system availability. It's essential for users to ensure their systems are protected against this vulnerability to safeguard against exploitation.",SAP,SAP Businessobjects Platform (bi LauncHPad),6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-11T00:35:34.021Z,0
CVE-2022-41203,https://securityvulnerability.io/vulnerability/CVE-2022-41203,Deserialization Vulnerability in SAP BusinessObjects BI Platform,"In specific workflows of the SAP BusinessObjects BI Platform, an authenticated attacker with low privileges may exploit a deserialization vulnerability. By intercepting a serialized object in system parameters and substituting it with a malicious counterpart, the attacker can trigger the deserialization of untrusted data. This exploitation has the potential to significantly undermine the confidentiality, integrity, and availability of system data, which may lead to unauthorized access or manipulation of sensitive information.",SAP,SAP Businessobjects Business Intelligence Platform (central Management Console And Bi LauncHPad),9.9,CRITICAL,0.001019999966956675,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-39800,https://securityvulnerability.io/vulnerability/CVE-2022-39800,Cross-Site Scripting Vulnerability in SAP BusinessObjects BI LaunchPad,"SAP BusinessObjects BI LaunchPad versions 420 and 430 are vulnerable to a cross-site scripting attack due to inadequate sanitization of user inputs during network interactions. This flaw allows an unauthenticated attacker to execute malicious scripts in the context of a user session. If exploited, it could lead to unauthorized viewing or modification of sensitive information, potentially compromising the confidentiality and integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform (bi LauncHPad),6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-10-11T00:00:00.000Z,0
CVE-2019-0395,https://securityvulnerability.io/vulnerability/CVE-2019-0395,Stored Cross Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform's Fiori BI Launchpad, prior to version 4.2, contains a security flaw that permits the execution of malicious JavaScript code within a text module. This vulnerability facilitates stored cross site scripting attacks, potentially allowing attackers to manipulate user sessions and steal sensitive data. Organizations utilizing vulnerable versions of this platform are urged to upgrade to mitigate the risks associated with this security issue.",SAP,SAP Businessobjects Business Intelligence Platform (fiori Bi LauncHPad),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-12-11T21:34:56.000Z,0