SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap businessobjects business intelligence platform 4.0 |
||
sap businessobjects business intelligence platform 4.1 |
||
sap businessobjects business intelligence platform 4.2 |