Severity
Medium
Analysis Summary
Certain input related to Administration Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Impact
Cross-Site Scripting
Affected Vendors
SAP
Affected Products
SAP BusinessObjects BI 4.2 and 4.3
Remediation
Vendor has released updates for the following product.
Apply SAP Note 2637997.