SAP Knowledge Base Article - Preview

1832674 - XSS java script injection into Web Intelligence document's name

Symptom

It is possible to resubmit the Save / Save As dialogbox inside a HTTP traffic tool, and edit the name of the webi document to add Java script. This javascript will be executed, when clicking on the status field of a successful instance of this document (schedule).


Read more...

Environment

SAP BusinessIntelligence 4.0 SP 05

Product

SAP BusinessObjects Business Intelligence platform 4.0

Keywords

KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.