Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
CPE | Name | Operator | Version |
---|---|---|---|
pentaho_business_analytics | ge | 9.2.0.0 | |
pentaho_business_analytics | lt | 9.2.0.4 | |
pentaho_business_analytics | lt | 8.3.0.27 |