SAP Knowledge Base Article - Preview

2874740 - BI4.x Cross-site scripting vulnerability when adding script in document title

Symptom

  • When entering "<img src=x onerror=prompt(2)>" in the title field of a new document or folder or hyperlink or publication, the script gets executed.
  • This behavior can allow malicious code to be injected.


Read more...

Environment

  • SAP BusinessObjects Business Intelligence platform 4.2 SP7 Patch3
  • SAP BusinessObjects Business Intelligence platform 4.2 SP7 Patch4
  • SAP BusinessObjects Business Intelligence platform 4.2 SP7 Patch5

Product

SAP BusinessObjects Business Intelligence platform 4.2

Keywords

BO 4, BI 4, create, run, running, popup, pop up, window. , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.