CVE-2019-0378

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions prior to 4.2

Description The issue is related to insufficient encoding of user-controlled inputs, allowing an attacker to store malicious scripts in the file name of the background image, resulting in Stored Cross-Site Scripting. This can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting user input for the background image file name to minimize the risk of exploitation.