CVE-2023-42478

Summary

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SEBusiness Objects BI Platform420affected
SAP_SEBusiness Objects BI Platform430affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References