CVE-2023-42478 — Cross-site Scripting in SE Business Objects BI Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.6HIGHNVD

CNA7.5

EPSS

0.1%

top 83.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE Business Objects BI Platform SAP Business Objects Business Intelligence Platform

Timeline

PublishedDec 12

Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:NExploitability: 2.3 | Impact: 4.7

Affected Packages2 packages

▶NVDsap/business_objects_business_intelligence_platform420, 430+1

▶CVEListV5sap_se/business_objects_bi_platform420, 430+1

🔴Vulnerability Details

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform↗2023-12-12

▶

GHSA

GHSA-p3gc-r8gq-pqmv: SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which↗2023-12-12

▶