Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0534

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-0534
Last Modified 10 Sep 2008 03:26:46
Published 17 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0534

Summary

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.

Vulnerable Systems

Application

  • Businessobjects Infoview 5.1.4

  • Businessobjects Infoview 5.1.5

  • Businessobjects Infoview 5.1.6

  • Businessobjects Infoview 5.1.7

  • Businessobjects Infoview 5.1.8

  • Businessobjects Webintelligence 2.7

  • Businessobjects Webintelligence 2.7.1

  • Businessobjects Webintelligence 2.7.2

  • Businessobjects Webintelligence 2.7.3

  • Businessobjects Webintelligence 2.7.4


References

XF - webintelligence-input-document-xss(17419)

SECUNIA - 12587

FULLDISC - 20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue

VULNWATCH - 20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue

BID - 11209


Last Updated: 27 May 2016 10:38:38