Search criteria
9 vulnerabilities found for infoview by businessobjects
FKIE_CVE-2008-1894
Vulnerability from fkie_nvd - Published: 2008-04-18 22:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | infoview | * | |
| businessobjects | infoview | * | |
| businessobjects | infoview | * | |
| businessobjects | infoview | * | |
| businessobjects | infoview | * | |
| businessobjects | infoview | xi_r2 | |
| businessobjects | infoview | xi_r2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_fp3.4:*:*:*:*:*:*",
"matchCriteriaId": "DBE66AF9-30E9-490D-BB69-20B505B08E2B",
"versionEndIncluding": "xi_r2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.0:*:*:*:*:*:*",
"matchCriteriaId": "A61640CE-3827-4FF0-923E-A0DFB0EFF480",
"versionEndIncluding": "xi_r2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.1:*:*:*:*:*:*",
"matchCriteriaId": "3C24A21E-635D-4FDC-929F-C391051927E1",
"versionEndIncluding": "xi_r2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.2:*:*:*:*:*:*",
"matchCriteriaId": "A8566E9C-3A39-4181-A64A-5F5630135437",
"versionEndIncluding": "xi_r2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:*:sp3_ft3.3:*:*:*:*:*:*",
"matchCriteriaId": "A67FB433-D234-45E5-8DFB-2C24935CC366",
"versionEndIncluding": "xi_r2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:xi_r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A888565-DDF2-4861-8D72-3A7913ADEE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:xi_r2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "909B19BD-9CA1-4310-9F3D-9597807FDC58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en desktoplaunch/InfoView/logon/logon.object de BusinessObjects InfoView XI R2 SP1, SP2 y SP3 Java version antes de FixPack 3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cms."
}
],
"id": "CVE-2008-1894",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-18T22:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51450"
},
{
"source": "cve@mitre.org",
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29804"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28762"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0533
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | infoview | 5.1.4 | |
| businessobjects | infoview | 5.1.5 | |
| businessobjects | infoview | 5.1.6 | |
| businessobjects | infoview | 5.1.7 | |
| businessobjects | infoview | 5.1.8 | |
| businessobjects | webintelligence | 2.7 | |
| businessobjects | webintelligence | 2.7.1 | |
| businessobjects | webintelligence | 2.7.2 | |
| businessobjects | webintelligence | 2.7.3 | |
| businessobjects | webintelligence | 2.7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B12AEC6B-5077-47E6-8B54-90B712543AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F131CD-671F-4A6F-AEF3-0FDC6A7E5EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D3BFC4-E028-41DD-BC37-C85403EDE1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFC8418-5FC6-4B64-9203-F6AAEAF02CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88324C77-F20E-4E20-AA5D-D368679647E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F930C0-1A43-4278-9F6F-DD06D96DC97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "254A598E-EC81-416E-AB66-BA9072B19FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8F4AE-72BB-409E-A94E-611DF7FFEAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6321B477-A1D0-47C1-AF11-F667C936D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92270BD8-E8C9-47F9-93B7-ACCF863D9275",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"id": "CVE-2004-0533",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0534
Vulnerability from fkie_nvd - Published: 2004-09-17 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | infoview | 5.1.4 | |
| businessobjects | infoview | 5.1.5 | |
| businessobjects | infoview | 5.1.6 | |
| businessobjects | infoview | 5.1.7 | |
| businessobjects | infoview | 5.1.8 | |
| businessobjects | webintelligence | 2.7 | |
| businessobjects | webintelligence | 2.7.1 | |
| businessobjects | webintelligence | 2.7.2 | |
| businessobjects | webintelligence | 2.7.3 | |
| businessobjects | webintelligence | 2.7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B12AEC6B-5077-47E6-8B54-90B712543AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F131CD-671F-4A6F-AEF3-0FDC6A7E5EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D3BFC4-E028-41DD-BC37-C85403EDE1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFC8418-5FC6-4B64-9203-F6AAEAF02CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88324C77-F20E-4E20-AA5D-D368679647E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F930C0-1A43-4278-9F6F-DD06D96DC97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "254A598E-EC81-416E-AB66-BA9072B19FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8F4AE-72BB-409E-A94E-611DF7FFEAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6321B477-A1D0-47C1-AF11-F667C936D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92270BD8-E8C9-47F9-93B7-ACCF863D9275",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"id": "CVE-2004-0534",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-17T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-1894 (GCVE-0-2008-1894)
Vulnerability from cvelistv5 – Published: 2008-04-18 22:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf",
"refsource": "CONFIRM",
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"refsource": "OSVDB",
"url": "http://osvdb.org/51450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1894",
"datePublished": "2008-04-18T22:00:00",
"dateReserved": "2008-04-18T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0533 (GCVE-0-2004-0533)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webintelligence-url-delete-files(17422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0533",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-06-04T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0534 (GCVE-0-2004-0534)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0534",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-06-04T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1894 (GCVE-0-2008-1894)
Vulnerability from nvd – Published: 2008-04-18 22:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf",
"refsource": "CONFIRM",
"url": "http://resources.businessobjects.com/support/communitycs/FilesAndUpdates/boxir2_en_FixPack3.5_readme.pdf?recDnlReq=Record\u0026dnlPath=boxir2_en_FixPack3.5_readme.pdf"
},
{
"name": "29804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29804"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html"
},
{
"name": "28762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28762"
},
{
"name": "20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120818789018302\u0026w=2"
},
{
"name": "businessobjects-cms-xss(41875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41875"
},
{
"name": "51450",
"refsource": "OSVDB",
"url": "http://osvdb.org/51450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1894",
"datePublished": "2008-04-18T22:00:00",
"dateReserved": "2008-04-18T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0533 (GCVE-0-2004-0533)
Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webintelligence-url-delete-files(17422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0533",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-06-04T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0534 (GCVE-0-2004-0534)
Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0534",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-06-04T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}