Vigil@nce: SAP BusinessObjects Crystal Reports, several Cross Site Scripting
April 2009 by Vigil@nce
An attacker can use several parameters of the viewreport.asp
script to trigger Cross Site Scripting attacks on SAP
BusinessObjects Crystal Reports.
– Severity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 02/04/2009
IMPACTED PRODUCTS
– BusinessObjects
DESCRIPTION OF THE VULNERABILITY
The viewreport.asp script of SAP BusinessObjects Crystal Reports
displays reports which are generated by the product.
However, this script does not filter several of its parameters
before displaying them: ID, PROMPTEX-SESSION_ID, PROMPTEX-TO_DATE,
PROMPTEX-FROM_DATE, PROMPTEX-YEAR_QTR1, PROMPTEX-YEAR_QTR2,
PROMPTEX-YEAR_QTR3, PROMPTEX-YEAR_QTR4, PROMPTEX-YEAR_QTR5,
PROMPTEX-YEAR_QTR6, PROMPTEX-YEAR_QTR7, PROMPTEX-YEAR_QTR8 and
PROMPTEX-QT.
An attacker can therefore use these parameters to trigger a Cross
Site Scripting attack, which executes JavaScript code in the web
browsers of visitors to the website.
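The following log check is an added example, not part of the bulletin or of SAP's code: it flags requests to viewreport.asp in which one of the parameters listed above carries HTML metacharacters after URL decoding. The Common Log Format layout, the /reports/ path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory lists as displayed without filtering.
WATCHED = {"ID", "PROMPTEX-SESSION_ID", "PROMPTEX-TO_DATE", "PROMPTEX-FROM_DATE",
           "PROMPTEX-QT"} | {f"PROMPTEX-YEAR_QTR{n}" for n in range(1, 9)}
# Characters that let a reflected value break out of HTML text or an attribute.
HTML_META = re.compile("[<>\"'`]")
# Assumption: access log in Common Log Format, request field in double quotes.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (for example %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the sorted watched parameters whose value holds HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/viewreport.asp"):
        return []
    hits = set()
    # parse_qsl decodes once; fully_decode catches double-encoded values.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Classic ASP looks up query-string keys case-insensitively.
        if name.upper() in WATCHED and HTML_META.search(fully_decode(value)):
            hits.add(name.upper())
    return sorted(hits)

def scan(lines):
    """Map 1-based line number -> flagged parameters, for lines with any hit."""
    found = {n: suspicious_params(line) for n, line in enumerate(lines, 1)}
    return {n: params for n, params in found.items() if params}

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Apr/2009:10:00:00 +0000] "GET /reports/viewreport.asp?ID=42&PROMPTEX-TO_DATE=2009-03-31 HTTP/1.1" 200 5120',
    '10.0.0.6 - - [02/Apr/2009:10:01:00 +0000] "GET /reports/viewreport.asp?ID=%3Cem%3E42%3C%2Fem%3E HTTP/1.1" 200 5131',
    '10.0.0.7 - - [02/Apr/2009:10:02:00 +0000] "GET /reports/viewreport.asp?PROMPTEX-YEAR_QTR3=%253Cem%253E&promptex-qt=%22x HTTP/1.1" 200 5140',
    '10.0.0.8 - - [02/Apr/2009:10:03:00 +0000] "GET /reports/other.asp?ID=%3Cem%3E HTTP/1.1" 200 812',
]
```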
CHARACTERISTICS
– Identifiers: BID-34341, VIGILANCE-VUL-8590
– Url: http://vigilance.fr/vulnerability/SAP-BusinessObjects-Crystal-Reports-several-Cross-Site-Scripting-8590