CVE-2023-42478

high

Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

https://me.sap.com/notes/3382353

Details

Source: Mitre, NVD

Published: 2023-12-12

Updated: 2023-12-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Severity: High

EPSS

EPSS: 0.00145