SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2742468 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-08-14 07:15
Updated : 2019-08-19 06:58
NVD link : CVE-2019-0332
Mitre link : CVE-2019-0332
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sap
- businessobjects_business_intelligence