Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1894

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1894
Last Modified 02 Apr 2009 01:33:31
Published 18 Apr 2008 06:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1894

Summary

Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.

Vulnerable Systems

Application

  • Businessobjects Infoview Xi R2


References

SECUNIA - 29804

CONFIRM - http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record&dnlPath=boxir2_en_FixPack3.5_readme.pdf

OSVDB - 51450

BUGTRAQ - 20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2

XF - businessobjects-cms-xss(41875)

BID - 28762


Last Updated: 27 May 2016 10:47:41