Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote malicious users to inject arbitrary web script or HTML via the cms parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
businessobjects infoview |
||
businessobjects infoview xi_r2 |