CVE-2021-42061
MEDIUM
SAP BusinessObjects Business Intelligence Platform 420 - Cross-Site Scripting in Quick Prompt Workflow
Title source: llm
Description
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), version 420, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This allows a low-privileged attacker to retrieve some data from the victim, but the attacker will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.
References (2)
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3103677
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Scores
CVSS v3: 5.4
EPSS: 0.0030
EPSS Percentile: 53.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1)
sap/businessobjects_business_intelligence_platform 420
Published: Dec 14, 2021
Tracked Since: Feb 18, 2026