9 lines
No EOL
690 B
Text
9 lines
No EOL
690 B
Text
source: http://www.securityfocus.com/bid/34341/info
|
|
|
|
SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability.
|
|
|
|
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
|
|
|
|
NOTE: This issue may be related to the one described in BID 12107 (Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability). We will update or retire this BID when more information emerges.
|
|
|
|
https://www.example.com/some/path/viewreport.asp?url=viewrpt.cwr?ID=7777"%0d%0awindow.alert%20"fsck_cissp^^INIT=actx:connect |