CVE-2020-6288

CVSS v3 Score: 4.6 (Medium)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation, leading to an unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected; only the current user's browser session is, and that session can easily be closed.

CVSS:4.6(Medium)

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.

CVSS:4.6(Medium)

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.

CVSS:4.6(Medium)

Plane version 0.7.1-dev allows an attacker to change the avatar of their profile, which permits uploading files with an HTML extension that are interpreted as both HTML and JavaScript.

CVSS:4.6(Medium)

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed b...

CVSS:4.6(Medium)

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.