CVE-2008-1894

Sažetak

Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html
http://marc.info/?l=bugtraq&m=120818789018302&w=2
http://osvdb.org/51450
http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record&dnlPath=boxir2_en_FixPack3.5_readme.pdf
http://secunia.com/advisories/29804
http://www.securityfocus.com/bid/28762
https://exchange.xforce.ibmcloud.com/vulnerabilities/41875

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:30

Objavljeno

18-04-2008 - 22:05