CVE-2021-42061

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Web Intelligence) version 420

Description The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This allows a low-privileged attacker to retrieve some data from the victim, but they will not be able to modify the document and publish these modifications to the server. The vulnerability impacts the "Quick Prompt" workflow.

Recommendations For SAP BusinessObjects Business Intelligence Platform (Web Intelligence) version 420, consider implementing proper input encoding to prevent Cross-Site Scripting (XSS) attacks, and restrict access to the "Quick Prompt" workflow until a fix is available.