• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Business Objects WebIntelligence Remote File Name HTML Injection Vulnerability

Reportedly Business Objects WebIntelligence is affected by a remote file name HTML injection vulnerability. This issue is due to a failure to sanitize file names prior to including them in dynamic web page content.

An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user, facilitating theft of cookie based authentication credentials. Other attacks are also possible.