Medium severity6.1NVD Advisory· Published Oct 9, 2018· Updated Jun 17, 2026
CVE-2018-2472
CVE-2018-2472
Description
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Affected products
2= 4.10, 4.20+ 1 more
- (no CPE)range: = 4.10, 4.20
- (no CPE)range: 4.10
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/105531nvdThird Party AdvisoryVDB Entry
- launchpad.support.sap.comnvdPermissions RequiredVendor Advisory
- wiki.scn.sap.com/wiki/pages/viewpage.actionnvdVendor Advisory
News mentions
0No linked articles in our index yet.