Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-0395 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | 5.4 |
| 2019-11-13 | CVE-2019-0396 | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. | 7.1 |
| 2019-11-13 | CVE-2019-0382 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 5.4 |
| 2019-10-08 | CVE-2019-0378 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0377 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0376 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0375 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0374 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | 5.4 |