- Description
- SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
- Source
- cna@sap.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "321A6FA2-0182-4C03-B367-80D2CE064493"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAD665A3-D351-4BDE-819F-C296F484F926"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "332B91C8-BE8B-4D64-AE82-04FAA946CE83"
}
],
"operator": "OR"
}
]
}
]