SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an malicious user to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap businessobjects business intelligence platform 4.0 |
||
sap businessobjects business intelligence platform 4.1 |
||
sap businessobjects business intelligence platform 4.2 |