cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-42472,https://securityvulnerability.io/vulnerability/CVE-2023-42472,Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface),"This vulnerability in SAP BusinessObjects Business Intelligence Platform (specifically the Web Intelligence HTML interface) allows authenticated users to upload files from their local systems. If an attacker intercepts the upload request, they can modify the content type and file extension, leading to unauthorized access to sensitive data and potential integrity issues. This exploit underscores the critical need for robust file type validation to prevent malicious file executions and safeguard application confidentiality.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),8.7,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-12T02:15:00.000Z,0
CVE-2021-21447,https://securityvulnerability.io/vulnerability/CVE-2021-21447,Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence platform versions 410 and 420 contain a vulnerability that allows an authenticated attacker to inject harmful JavaScript payloads into the custom value input field of an Input Control. When a user views the affected application content, the malicious script can be executed, enabling stored cross-site scripting (XSS) attacks that may compromise user data and application security.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-01-12T14:40:43.000Z,0
CVE-2020-6312,https://securityvulnerability.io/vulnerability/CVE-2020-6312,Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface is susceptible to stored Cross Site Scripting when certain web page properties are edited by a non-administrative user. This vulnerability allows attackers to manipulate how a browser interprets various page elements, potentially leading to unauthorized access or modification of metadata when users interact with affected web elements.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-09-09T12:40:12.000Z,0
CVE-2020-6222,https://securityvulnerability.io/vulnerability/CVE-2020-6222,Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform,"The SAP Business Objects Business Intelligence Platform, particularly its Web Intelligence HTML interface, exhibits a flaw due to inadequate encoding of user-controlled inputs. This vulnerability allows attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive information and user interactions. It is essential for organizations utilizing affected versions to implement security measures and apply available patches to enhance their defenses against potential exploitation.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-14T18:18:10.000Z,0
CVE-2019-0396,https://securityvulnerability.io/vulnerability/CVE-2019-0396,XML Document Validation Flaw in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform has a vulnerability in its Web Intelligence HTML interface that can be exploited through untrusted XML documents. The platform fails to adequately validate XML data, allowing attackers to inject malicious elements into documents. This can lead to security breaches during specific workflows, potentially exposing sensitive information or disrupting services.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),7.1,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-13T22:18:04.000Z,0
CVE-2019-0378,https://securityvulnerability.io/vulnerability/CVE-2019-0378,Stored Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface prior to version 4.2, is vulnerable to a stored cross-site scripting issue. This occurs due to insufficient encoding of user-controlled inputs, enabling attackers to inject malicious scripts into the file name of a background image. As a result, unsuspecting users may inadvertently execute these scripts, potentially leading to unauthorized data access and manipulation.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:25:44.000Z,0
CVE-2019-0377,https://securityvulnerability.io/vulnerability/CVE-2019-0377,Stored Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Platform,"The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface prior to version 4.2 lacks adequate encoding for user-controlled inputs. This weakness allows attackers to inject malicious scripts, leading to Stored Cross-Site Scripting (XSS). Such vulnerabilities can compromise web applications and user data, making it essential for organizations to apply patches or updates to safeguard their systems.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:24:50.000Z,0
CVE-2019-0376,https://securityvulnerability.io/vulnerability/CVE-2019-0376,Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"In the SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface prior to versions 4.2 and 4.3, insufficient encoding of user-controlled inputs allows attackers to inject and store malicious scripts in the publication names. These scripts may be executed later by unsuspecting users, posing a significant risk to their data integrity and security.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:23:56.000Z,0
CVE-2019-0375,https://securityvulnerability.io/vulnerability/CVE-2019-0375,Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface, is vulnerable due to insufficient encoding of user-controlled inputs in the export dialog box of the report name. This flaw permits the execution of arbitrary scripts, leading to reflected Cross-Site Scripting. Users interacting with the vulnerable interface may inadvertently execute malicious scripts injected into the report naming field. Protection strategies include sanitizing user inputs and keeping software versions updated to reduce exposure risks.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:22:26.000Z,0
CVE-2019-0374,https://securityvulnerability.io/vulnerability/CVE-2019-0374,Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface in versions prior to 4.2 and 4.3, is susceptible to reflected Cross-Site Scripting attacks. This vulnerability arises from inadequate encoding of user inputs in the chart title feature, allowing attackers to inject malicious scripts. When a victim interacts with the compromised chart, these scripts can execute in their browser, leading to potential data exposure or further exploits.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:21:30.000Z,0