CVE-2004-2742

Businessobjects Crystal Enterprise - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.

References (6)

Scores

EPSS 0.0051
EPSS Percentile 66.0%

Classification

CWE
CWE-79
Status draft

Affected Products (9)

businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise
businessobjects/crystal_enterprise

Timeline

Published Dec 31, 2004
Tracked Since Feb 18, 2026