cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-49584,https://securityvulnerability.io/vulnerability/CVE-2023-49584,Client-Side Desynchronization vulnerability in SAP Fiori Launchpad,"SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.

",SAP,SAP Fiori Launchpad,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-12-12T02:15:00.000Z,0
CVE-2022-39799,https://securityvulnerability.io/vulnerability/CVE-2022-39799,,"An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.",SAP,SAP Netweaver As Abap (SAP Gui For Html Within The Fiori LauncHPad),6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-09-13T15:43:40.000Z,0
CVE-2020-26825,https://securityvulnerability.io/vulnerability/CVE-2020-26825,,"SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.",SAP,SAP Fiori LauncHPad (news Tile Application),6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-11-13T14:28:00.000Z,0
CVE-2020-26815,https://securityvulnerability.io/vulnerability/CVE-2020-26815,,"SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.",SAP,SAP Fiori LauncHPad (news Tile Application),8.6,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2020-11-10T16:13:00.000Z,0
CVE-2020-6283,https://securityvulnerability.io/vulnerability/CVE-2020-6283,,"SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.",SAP,SAP Fiori(launcHPad),4.8,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-09-09T12:51:11.000Z,0
CVE-2020-6210,https://securityvulnerability.io/vulnerability/CVE-2020-6210,,"SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Fiori LauncHPad,4.7,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-03-10T20:21:04.000Z,0
CVE-2019-0395,https://securityvulnerability.io/vulnerability/CVE-2019-0395,,"SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform (fiori Bi LauncHPad),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-12-11T21:34:56.000Z,0
CVE-2019-0251,https://securityvulnerability.io/vulnerability/CVE-2019-0251,,"The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform (fiori LauncHPad),6.1,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2019-02-15T18:00:00.000Z,0