Symptom
- XSS - Cross-site Scripting (Post Authentication):
- The application is vulnerable to cross-site scripting after authentication. The script does not properly validate its input parameters, allowing scripts to be injected and then used to compromise the client's confidential information, such as the Session ID. In addition, more sophisticated phishing attacks make use of this vulnerability to trick even security-aware users.
- Seen when </script><script>alert1</script> is added to the Infoview URL after the user has logged in.
Environment
- SAP BusinessObjects XI 3.1 Service Pack 5
- Third party app scan tool used: BURP
Product
SAP BusinessObjects Enterprise XI 3.0
Keywords
injection, sql, error, cross, fix, issue, release, version, bug, cross, site, script, aix, solaris, KBA, BI-BIP-ADM, BI Servers, security, Crystal Reports in Launchpad, Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article.