Page 7 of 67 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones - 4.1, 4.2, permite a un atacante con una cuenta de usuario no administrativa que puede editar determinadas propiedades de la página web, poder modificar como un navegador procesa elementos particulares de la página, conllevando a una vulnerabilidad de tipo Cross Site Scripting almacenado. En determinadas situaciones, cuando un usuario accede a un elemento de la página web afectada, el atacante será capaz de acceder o modificar metadatos para los que no está autorizado. • https://launchpad.support.sap.com/#/notes/2930128 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability. SAP Business Objects Business Intelligence Platform (Central Management Console), versiones 4.2, 4.3, permite a un atacante con derechos de administrador poder usar la aplicación web para enviar código malicioso hacia un usuario final diferente (víctima), ya que no codifica suficientemente a las entradas controladas por el usuario para RecycleBin, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado • https://launchpad.support.sap.com/#/notes/2925827 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. Xvfb de SAP Business Objects Business Intelligence Platform, versiones - 4.2, 4.3, una plataforma en Unix no lleva a cabo ninguna comprobación de autenticación para las funcionalidades que requieren la identidad del usuario • https://launchpad.support.sap.com/#/notes/2927956 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. SAP Business Objects Business Intelligence Platform (bipodata), versión 4.2, no codifica suficientemente unas entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting • https://launchpad.support.sap.com/#/notes/2849967 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. SAP Business Objects Business Intelligence Platform (BI Launchpad), versión 4.2, no codifica suficientemente unas entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting • https://launchpad.support.sap.com/#/notes/2917743 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •