CVE-2023-42478
Global infos:
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | NETWORK |
| Availability Impact | LOW |
| Base Score | 7.5 |
| Base Severity | HIGH |
| Confidentiality Impact | LOW |
| Integrity Impact | HIGH |
| Privileges Required | HIGH |
| Scope | CHANGED |
| User Interaction | REQUIRED |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L |
| Exploitability Score | 1.7 |
| Impact Score | 5.3 |
| Source | [email protected] |
| Type | Secondary |