Details of VAR-E-201203-0124

ID

VAR-E-201203-0124

EDB ID

36934

TITLE

SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting - ASP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36934

DESCRIPTION

SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting. CVE-80638 . webapps exploit for ASP platform

Trust: 0.6

sources: EXPLOIT-DB: 36934

AFFECTED PRODUCTS

vendor:	sap	model:	business objects infovew system	scope:	-	version:	-	Trust: 1.0
vendor:	sap	model:	business objects xi r2	scope:	-	version:	-	Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36934

EXPLOIT

source: https://www.securityfocus.com/bid/52361/info

SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

SAP Business Objects XI R2 is vulnerable; other versions may be affected.

http://www.example.com/businessobjects/enterprise115/InfoView/listing.aspx
searchText=</script><script>alert(1);</script>

Trust: 1.0

sources: EXPLOIT-DB: 36934

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36934

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36934

TYPE

'listing.aspx?searchText' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 36934

CREDITS

vulns@dionach.com

Trust: 0.6

sources: EXPLOIT-DB: 36934

EXTERNAL IDS

db:	EXPLOIT-DB	id:	36934	Trust: 1.9
db:	BID	id:	52361	Trust: 1.9
db:	EDBNET	id:	58216	Trust: 0.6

sources: BID: 52361 // EXPLOIT-DB: 36934 // EDBNET: 58216

REFERENCES

url:	https://www.securityfocus.com/bid/52361/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36934/	Trust: 0.6
url:	http://www.sap.com/solutions/sapbusinessobjects/index.epx	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36936	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36934	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36935	Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36934 // EDBNET: 58216

SOURCES

db:	BID	id:	52361
db:	EXPLOIT-DB	id:	36934
db:	EDBNET	id:	58216

LAST UPDATE DATE

2022-07-27T09:30:25.322000+00:00

SOURCES UPDATE DATE

db:

BID

id:

52361

date:

2012-03-08T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	52361	date:	2012-03-08T00:00:00
db:	EXPLOIT-DB	id:	36934	date:	2012-03-08T00:00:00
db:	EDBNET	id:	58216	date:	2012-03-08T00:00:00