SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202