SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.
[
{
"product": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 4.2"
}
]
}
]