CVE-2009-4521

Name of the Vulnerable Software and Affected Versions Eclipse Business Intelligence and Reporting Tools (BIRT) versions prior to 2.5.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the report parameter in the birt-viewer/run component. This could potentially lead to unauthorized actions on the affected web application.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the birt-viewer/run component to minimize the risk of exploitation. Avoid using the report parameter in the affected API endpoint until the issue is resolved.