XSS in Sap Businessobjects

CVE-2010-3981

Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (45.4th percentile) — read the EPSS interpretation.

Affected products

Sap Businessobjects — versions 3.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (Exploit, x_refsource_MISC)
68680 (x_refsource_OSVDB, vdb-entry)