Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0376
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 October 2019
What is CVE-2019-0376?
In the SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface prior to versions 4.2 and 4.3, insufficient encoding of user-controlled inputs allows attackers to inject and store malicious scripts in the publication names. These scripts may be executed later by unsuspecting users, posing a significant risk to their data integrity and security.
Affected Version(s)
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2 < 4.2
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.3 < 4.3