CVE-2020-6368
SAP Business Planning and Consolidation, versions – 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
Source: CVE-2020-6368