CVE-2019-0374

Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.387

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.0	Windows
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.1	Windows
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.2	Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.0	Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.1	Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.2	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234