CVE-2023-42476 MEDIUM

CVE-2023-42476: Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

Vendor Sap_Se
Product SAP BusinessObjects Web Intelligence
Weakness CWE-79 · XSS
Published December 12, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

Key dates

02Disclosure timeline

December 12, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation CVE-2022-47145 WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) CVE-2025-54676 WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability CVE-2025-7658 Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-68852 WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability