Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2742

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2742
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2742

Summary

Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.

Vulnerable Systems

Application

  • Businessobjects Crystal Enterprise 10

  • Businessobjects Crystal Enterprise 8.5

  • Businessobjects Crystal Enterprise 9


References

BID - 12107

OSVDB - 12596

CONFIRM - http://support.businessobjects.com/library/kbase/articles/c2016559.asp

SECUNIA - 13644

XF - crystal-enterprise-report-xss(18684)

SECTRACK - 1012703


Last Updated: 27 May 2016 10:39:36