CVE-2023-42476

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 70.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Businessobjects WEB IntelligenceSAP Businessobjects WEB Intelligence
Timeline
PublishedDec 12

Description

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence2023-12-12
GHSA
GHSA-c9pm-pp53-grgr: SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which2023-12-12
CVE-2023-42476 (MEDIUM CVSS 6.8) | SAP Business Objects Web Intelligen | cvebase.io