CVE-2019-0378
https://notcve.org/view.php?id=CVE-2019-0378
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2, no codifica suficientemente las entradas controladas por el usuario y permite a un atacante almacenar scripts maliciosos en el nombre de archivo de la imagen de fondo, resultando en una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0377
https://notcve.org/view.php?id=CVE-2019-0377
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2, no codifica suficientemente las entradas controladas por el usuario y permite a un atacante almacenar scripts maliciosos en los controles de entrada, resultando en una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0376
https://notcve.org/view.php?id=CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite a un atacante almacenar scripts maliciosos en el nombre de la publicación, que pueden ser ejecutados por la víctima más tarde, resultando en una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0375
https://notcve.org/view.php?id=CVE-2019-0375
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en el cuadro de diálogo de exportación del nombre del reporte, resultando en una vulnerabilidad de tipo Cross-Site Scripting reflejado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0374
https://notcve.org/view.php?id=CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en el título del gráfico, resultando en una vulnerabilidad de tipo Cross-Site Scripting reflejado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •