{"api_version":"1","generated_at":"2026-04-22T23:20:50+00:00","cve":"CVE-2004-0534","urls":{"html":"https://cve.report/CVE-2004-0534","api":"https://cve.report/api/cve/CVE-2004-0534.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-0534","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-0534"},"summary":{"title":"CVE-2004-0534","description":"Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-09-17 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/11209","name":"http://www.securityfocus.com/bid/11209","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Business Objects WebIntelligence Remote File Name HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17419","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17419","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"[Full-Disclosure] Mailing List Charter","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://secunia.com/advisories/12587/","name":"http://secunia.com/advisories/12587/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - WebIntelligence Document Deletion and Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html","name":"http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Neohapsis Archives - VulnWatch - #0057 - [VulnWatch] Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-0534","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-0534","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"infoview","cpe6":"5.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"infoview","cpe6":"5.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"infoview","cpe6":"5.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"infoview","cpe6":"5.1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"infoview","cpe6":"5.1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"webintelligence","cpe6":"2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"webintelligence","cpe6":"2.7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"webintelligence","cpe6":"2.7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"webintelligence","cpe6":"2.7.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"webintelligence","cpe6":"2.7.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T00:24:26.211Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"},{"name":"12587","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/12587/"},{"name":"11209","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/11209"},{"name":"20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","tags":["mailing-list","x_refsource_VULNWATCH","x_transferred"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"},{"name":"webintelligence-input-document-xss(17419)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-09-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"},{"name":"12587","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/12587/"},{"name":"11209","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/11209"},{"name":"20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","tags":["mailing-list","x_refsource_VULNWATCH"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"},{"name":"webintelligence-input-document-xss(17419)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-0534","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"},{"name":"12587","refsource":"SECUNIA","url":"http://secunia.com/advisories/12587/"},{"name":"11209","refsource":"BID","url":"http://www.securityfocus.com/bid/11209"},{"name":"20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue","refsource":"VULNWATCH","url":"http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"},{"name":"webintelligence-input-document-xss(17419)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-0534","datePublished":"2005-04-14T04:00:00.000Z","dateReserved":"2004-06-04T00:00:00.000Z","dateUpdated":"2024-08-08T00:24:26.211Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-09-17 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"B12AEC6B-5077-47E6-8B54-90B712543AF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"F0F131CD-671F-4A6F-AEF3-0FDC6A7E5EAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*","matchCriteriaId":"E2D3BFC4-E028-41DD-BC37-C85403EDE1D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5BFC8418-5FC6-4B64-9203-F6AAEAF02CC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*","matchCriteriaId":"88324C77-F20E-4E20-AA5D-D368679647E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*","matchCriteriaId":"18F930C0-1A43-4278-9F6F-DD06D96DC97E"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"254A598E-EC81-416E-AB66-BA9072B19FD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*","matchCriteriaId":"83D8F4AE-72BB-409E-A94E-611DF7FFEAB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*","matchCriteriaId":"6321B477-A1D0-47C1-AF11-F667C936D3C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*","matchCriteriaId":"92270BD8-E8C9-47F9-93B7-ACCF863D9275"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"534","Ordinal":"1","Title":"CVE-2004-0534","CVE":"CVE-2004-0534","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"534","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.","Type":"Description","Title":"CVE-2004-0534"},{"CveYear":"2004","CveId":"534","Ordinal":"2","NoteData":"2005-04-14","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"534","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}