3 matches found
CVE-2017-6061
The CVE covers a Cross-Site Scripting (XSS) vulnerability in the SAP BusinessObjects Financial Consolidation 10.0.0.1933 product, exposed through the help component. Specifically, an attacker can trigger XSS by crafting a GET request to the help UI, notably /finance/help/en/frameset.htm, potentia...
CVE-2017-14516
SAP Business Objects Financial Consolidation is affected by a Cross-Site Scripting (XSS) vulnerability prior to 2017-06-13 (SAP Security Note 2422292). The issue is documented across multiple sources (NVD/CNVD/CVE records) with common description: XSS in the Financial Consolidation component befo...
CVE-2018-2444
CVE-2018-2444 affects SAP BusinessObjects Financial Consolidation, versions 10.0 and 10.1. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs. The CNVD/NVD entries describe a remote-exploitation scenario where an attacker could inject ...