Cross-Site Scripting Vulnerability in SAP Crystal Report Server
CVE-2011-4805

Currently unrated

Key Information:

Vendor: SAP
Status: Crystal Reports Server
Vendor: CVE Published:; 14 December 2011

Summary

A cross-site scripting (XSS) vulnerability exists in the pubDBLogon.jsp file of SAP Crystal Report Server 2008. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application through the service parameter, potentially compromising user data and application integrity. It emphasizes the need for enhanced validation and sanitization of inputs to mitigate such vulnerabilities.

References

http://www.securityfocus.com/archive/1/520560/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid...

x_refsource_CONFIRM

https://service.sap.com/sap/support/notes/1562292

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 14, 2011
Vulnerability Reserved
Dec 13, 2011