4.1
CVE-2025-31326
- EPSS 0.14%
- Veröffentlicht 08.07.2025 00:34:21
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
Default Statusunaffected
Version
ENTERPRISE 430
Status
affected
Version
2025
Status
affected
Version
2027
Status
affected
Version
ENTERPRISECLIENTTOOLS 430
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 4.1 | 2.3 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
|
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.