SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.

Related CVEs

CVE-2021-42061

Key Information

GHSA ID

GHSA-3h3c-qxj3-9h67

Published

December 15, 2021 12:00 AM

Last Modified

December 17, 2021 12:00 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 26, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.