SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2965154 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-01-12T14:40:43
Updated: 2021-02-11T20:23:46
Reserved: 2020-12-30T00:00:00
Link: CVE-2021-21447
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-12T15:15:14.547
Modified: 2021-03-04T20:11:33.997
Link: CVE-2021-21447
JSON object: View
Redhat Information
No data.
CWE