CVE-2025-0062Cross-site Scripting in SE SAP Businessobjects Business Intelligence Platform

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 71.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Businessobjects Business Intelligence Platform
Timeline
PublishedMar 11

Description

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in C

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages1 packages

CVEListV5sap_se/sap_businessobjects_business_intelligence_platform2025, ENTERPRISE 430, ENTERPRISECLIENTTOOLS 430+2

🔴Vulnerability Details

2
GHSA
GHSA-rm3r-668f-r32m: SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports2025-03-11
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)2025-03-11
CVE-2025-0062 — Cross-site Scripting | cvebase