CVE-2004-0534

Name of the Vulnerable Software and Affected Versions Business Objects InfoView versions 5.1.4 through 5.1.8 WebIntelligence versions 2.7.0 through 2.7.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.

Recommendations For Business Objects InfoView versions 5.1.4 through 5.1.8, avoid using document names that may contain malicious scripts when uploading documents until a fix is available. For WebIntelligence versions 2.7.0 through 2.7.4, restrict document uploads to trusted sources to minimize the risk of exploitation.