CVE-2008-1894
Published Apr 18, 2008
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_fp3.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBE66AF9-30E9-490D-BB69-20B505B08E2B",
"versionEndIncluding": "xi_r2"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A61640CE-3827-4FF0-923E-A0DFB0EFF480",
"versionEndIncluding": "xi_r2"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C24A21E-635D-4FDC-929F-C391051927E1",
"versionEndIncluding": "xi_r2"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8566E9C-3A39-4181-A64A-5F5630135437",
"versionEndIncluding": "xi_r2"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A67FB433-D234-45E5-8DFB-2C24935CC366",
"versionEndIncluding": "xi_r2"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:xi_r2:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A888565-DDF2-4861-8D72-3A7913ADEE2F"
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:xi_r2:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "909B19BD-9CA1-4310-9F3D-9597807FDC58"
}
],
"operator": "OR"
}
]
}
]