3 matches found
CVE-2004-0533
CVE-2004-0533 describes a vulnerability in Business Objects WebIntelligence 2.7.0–2.7.4 where client-side access controls allow an authenticated user to bypass restrictions and delete arbitrary server documents via a crafted InfoView delete request. The root cause is the lack of server-side enfor...
CVE-2004-0534
CVE-2004-0534 is a documented XSS in Business Objects InfoView 5.1.4–5.1.8 / WebIntelligence 2.7.0–2.7.4. The root cause is incomplete server‑side validation for the document name during upload, allowing arbitrary script/HTML via the filename. Impact: remote attacker can inject script, potentiall...
CVE-2008-1894
CVE-2008-1894 affects BusinessObjects InfoView XI R2 (SP1, SP2, SP3) Java version before FixPack 3.5. The vulnerability is an XSS in desktoplaunch/InfoView/logon/logon.object via the cms parameter, allowing remote attackers to inject arbitrary web script/HTML. Evidence from CVE records and NVD co...