Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/01/2023 Updated: 13/01/2023

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap businessobjects business intelligence platform 420
sap businessobjects business intelligence platform 430

CWE-79 https://launchpad.support.sap.com/#/notes/3266006 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-0018

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect