Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2008-04-18	CVE-2008-1894	Cross-Site Scripting vulnerability in Businessobjects Infoview Xir2 Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter. network businessobjects CWE-79	4.3
2004-09-17	CVE-2004-0534	Remote File Name HTML Injection vulnerability in Businessobjects Infoview and Webintelligence Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document. network businessobjects	4.3