CVE-2019-0377

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions prior to 4.2

Description The issue is related to insufficient encoding of user-controlled inputs in the Web Intelligence HTML interface, allowing an attacker to store malicious scripts. This results in Stored Cross-Site Scripting, enabling a remote attacker to perform cross-site scripting attacks.

Recommendations For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.