In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim’s browser context.
CPE | Name | Operator | Version |
---|---|---|---|
business_intelligence_and_reporting_tools | ge | 1.0.0 | |
business_intelligence_and_reporting_tools | le | 4.7.0 |