In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2023-01-10T03:05:47.922Z
Updated: 2024-08-02T04:54:32.587Z
Reserved: 2022-12-16T03:13:44.778Z
Link: CVE-2023-0015
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-10T04:15:09.680
Modified: 2024-11-21T07:36:23.863
Link: CVE-2023-0015
Redhat
No data.