漏洞标题
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 存在跨站脚本漏洞
漏洞描述信息
SAP BusinessObjects 商业智能平台允许攻击者在 Web Intelligence 报告中注入 JavaScript 代码。此代码会在受害者每次访问易受攻击的页面时在受害者的浏览器中执行。成功利用此漏洞后,攻击者可能对受害者的浏览器范围内的机密性和完整性造成有限影响,但不会对可用性造成影响。此漏洞仅在管理员在中央管理控制台中启用脚本/HTML 执行时才会发生。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
漏洞描述信息
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)