SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.

Published : 2019-08-14 14:15 Updated : 2019-08-19 13:58

CVSS Score More info
Score 4.3 / 10
Vendor Product Version URI
Sap Businessobjects Business Intelligence 4.1 cpe:/a:sap:businessobjects_business_intelligence:4.1
Sap Businessobjects Business Intelligence 4.2 cpe:/a:sap:businessobjects_business_intelligence:4.2
Sap Businessobjects Business Intelligence 4.3 cpe:/a:sap:businessobjects_business_intelligence:4.3
  1. Sap (1) Search CVE
    1. Businessobjects Business Intelligence (3) Search CVE
      1. 4.1
      2. 4.2
      3. 4.3


ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2019-08-19 13:58
2019-08-14 15:00