We can see in DM stack 1800 that the Fiori launchpad is using SAPUI5 1.52.13, which in turn uses jQuery 2.2.3, which is flagged as vulnerable to CVE-2020-11022 & CVE-2020-11023.
According to this note, SAPUI5 should be upgraded:
2941170 - Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5
Disclosure Management 10.1
jquery CVE-2020-11022, KBA, EPM-DSM-ANN, Annual Statement/Internal Reporting, Problem