CVE-2008-1894

Name of the Vulnerable Software and Affected Versions BusinessObjects InfoView XI R2 versions SP1 through SP3 Java version before FixPack 3.5

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the cms parameter.

Recommendations For BusinessObjects InfoView XI R2 versions SP1 through SP3 Java version before FixPack 3.5, update to a version that includes FixPack 3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the logon.object in desktoplaunch/InfoView/logon/ to minimize the risk of exploitation. Avoid using the cms parameter in the affected endpoint until the issue is resolved.