CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6061

Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.3%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/141349/SAP-BusinessObjects-Financial-Consolidation-10.0.0.1933-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2017/Feb/69
http://www.securityfocus.com/bid/96461
http://www.securitytracker.com/id/1037910
http://packetstormsecurity.com/files/141349/SAP-BusinessObjects-Financial-Consolidation-10.0.0.1933-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2017/Feb/69
http://www.securityfocus.com/bid/96461
http://www.securitytracker.com/id/1037910

Products affected by CVE-2017-6061

Sap » Businessobjects Financial Consolidation » Version: 10.0.0.1933

cpe:2.3:a:sap:businessobjects_financial_consolidation:10.0.0.1933

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6061

Products

Pricing

Contact Us