PT-2004-1644 · Sap · Business Objects Infoview+1

Published

2004-09-17

Updated

2017-07-11

CVE-2004-0534

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Business Objects InfoView versions 5.1.4 through 5.1.8 WebIntelligence versions 2.7.0 through 2.7.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.

Recommendations For Business Objects InfoView versions 5.1.4 through 5.1.8, avoid using document names that may contain malicious scripts when uploading documents until a fix is available. For WebIntelligence versions 2.7.0 through 2.7.4, restrict document uploads to trusted sources to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0534

Affected Products

Business Objects Infoview

Webintelligence

PT-2004-1644 · Sap · Business Objects Infoview+1

CVE-2004-0534

Related Identifiers

Affected Products

References · 6