CVE-2010-3981
SAP BusinessObjects Enterprise XI 3.2 - Cross-Site Scripting via ServiceClass Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/68680
Scores
EPSS
0.0022
EPSS Percentile
45.1%
Details
CWE
CWE-79
Status
published
Products (1)
sap/businessobjects
3.2
Published
Oct 18, 2010
Tracked Since
Feb 18, 2026