XSS in Sap Businessobjects

CVE-2014-8308

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (64.9th percentile) — read the EPSS interpretation.

Affected products

Sap Businessobjects — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
20141008 [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting (mailing-list, x_refsource_FULLDISC)
sap-businessobjects-web-page-xss(96873) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20141008 [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting (mailing-list, x_refsource_BUGTRAQ)
70290 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)