GHSA-3c29-2h4x-fgg4
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: June 18, 2025 6:25 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.