CVE-2025-24867 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)

https://notcve.org/view.php?id=CVE-2025-24867

11 Feb 2025 — SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client with no effect on availability. • https://me.sap.com/notes/3445708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •