CVE-2004-2742

Name of the Vulnerable Software and Affected Versions Crystal Enterprise versions 8.5 through 10

Description A cross-site scripting (XSS) issue exists in the report viewer, allowing remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. This enables attackers to execute malicious code on the client-side.

Recommendations For Crystal Enterprise versions 8.5 through 10, consider disabling the report viewer functionality until a patch is available to prevent exploitation of this issue. Restrict access to RPT files to minimize the risk of arbitrary code injection.