Vulnerability Details CVE-2004-2742
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/13644
- http://securitytracker.com/id?1012703
- http://support.businessobjects.com/library/kbase/articles/c2016559.asp
- http://www.osvdb.org/12596
- http://www.securityfocus.com/bid/12107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18684
- http://secunia.com/advisories/13644
- http://securitytracker.com/id?1012703
- http://support.businessobjects.com/library/kbase/articles/c2016559.asp
- http://www.osvdb.org/12596
- http://www.securityfocus.com/bid/12107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18684
Products affected by CVE-2004-2742
-
cpe:2.3:a:businessobjects:crystal_enterprise:10
-
cpe:2.3:a:businessobjects:crystal_enterprise:8.5
-
cpe:2.3:a:businessobjects:crystal_enterprise:9