Описание
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00547
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
EPSS
Процентиль: 67%
0.00547
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other