CVE-2011-4805
SAP Crystal Reports Server 2008 - Cross-Site Scripting via pubDBLogon.jsp Service Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520560/100/0/threaded
Various Sources x_refsource_confirm
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1562292
Exploit x_refsource_misc
http://dsecrg.com/pages/vul/show.php?id=333
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (1)
sap/crystal_reports_server
2008
Published
Dec 14, 2011
Tracked Since
Feb 18, 2026