CVE-2021-33696

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform (Crystal Report) versions 420, 430

Description: The issue arises from insufficient encoding of user-controlled inputs, allowing an authorized attacker to exploit a XSS vulnerability. This can lead to non-permanent defacement or modification of displayed content from a website.

Recommendations: For versions 420 and 430, consider restricting access to user-controlled input fields to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, disabling the feature that allows user input may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.