Lucene search

[email protected]CVE-2008-1894

HistoryApr 18, 2008 - 10:05 p.m.

CVE-2008-1894

2008-04-1822:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1894

cross-site scripting

xss

businessobjects infoview

infoview xi r2

security vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.

Affected configurations

NVD

Node

businessobjectsinfoviewRange≤xi_r2sp3_fp3.4

businessobjectsinfoviewRange≤xi_r2sp3_ft3.0

businessobjectsinfoviewRange≤xi_r2sp3_ft3.1

businessobjectsinfoviewRange≤xi_r2sp3_ft3.2

businessobjectsinfoviewRange≤xi_r2sp3_ft3.3

businessobjectsinfoviewMatchxi_r2sp1

businessobjectsinfoviewMatchxi_r2sp2

CPENameOperatorVersion
businessobjects:infoviewbusinessobjects infoviewlexi_r2

CPE	Name	Operator	Version
businessobjects:infoview	businessobjects infoview	le	xi_r2

References

lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html

marc.info/?l=bugtraq&m=120818789018302&w=2

osvdb.org/51450

resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record&dnlPath=boxir2_en_FixPack3.5_readme.pdf

secunia.com/advisories/29804

www.securityfocus.com/bid/28762

exchange.xforce.ibmcloud.com/vulnerabilities/41875

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2008-1894

prion1 nvd1 cvelist1