Certain input related to Administration Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
SAP BusinessObjects BI 4.2 and 4.3
Vendor has released updates for the following product.
Apply SAP Note 2637997.