Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
BID:12107
Info
Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
| Bugtraq ID: | 12107 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 27 2004 12:00AM |
| Updated: | Dec 27 2004 12:00AM |
| Credit: | This issue was announced by the vendor. |
| Vulnerable: |
Business Objects Crystal Enterprise 10.0 Business Objects Crystal Enterprise 9.0 Business Objects Crystal Enterprise 8.5 |
| Not Vulnerable: | |
Discussion
Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
Business Objects Crystal Enterprise is prone to a cross-site scripting vulnerability.
An attacker could exploit this issue by enticing a user to following a malicious link to a Report (RPT) file. Malicious script embedded in the link could access properties of the vulnerable Crystal Enterprise site, allowing for various attacks such as theft of cookie-based authentication credentials.
Business Objects Crystal Enterprise is prone to a cross-site scripting vulnerability.
An attacker could exploit this issue by enticing a user to following a malicious link to a Report (RPT) file. Malicious script embedded in the link could access properties of the vulnerable Crystal Enterprise site, allowing for various attacks such as theft of cookie-based authentication credentials.
Exploit / POC
Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
Solution:
Fixes for specific platforms are available. Please see the referenced "URL to a RPT file may expose client-side source information with a script tag" knowledge base article for further information.
Business Objects Crystal Enterprise 10.0
Business Objects Crystal Enterprise 8.5
Business Objects Crystal Enterprise 9.0
Solution:
Fixes for specific platforms are available. Please see the referenced "URL to a RPT file may expose client-side source information with a script tag" knowledge base article for further information.
Business Objects Crystal Enterprise 10.0
-
Business Objects ce10critical_update_aix_de.tar.gz Dec 2004
Crystal Enterprise 10 for AIX (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_aix_de.tar.gz -
Business Objects ce10critical_update_aix_en.tar.gz Dec 2004
Crystal Enterprise 10 for AIX (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_aix_en.tar.gz -
Business Objects ce10critical_update_aix_fr.tar.gz Dec 2004
Crystal Enterprise 10 for AIX (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_aix_fr.tar.gz -
Business Objects ce10critical_update_aix_jp.tar.gz Dec 2004
Crystal Enterprise 10 for AIX (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_aix_jp.tar.gz -
Business Objects ce10critical_update_hp_de.tar.gz Dec 2004
Crystal Enterprise 10 for HP-UX (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_hp_de.tar.gz -
Business Objects ce10critical_update_hp_en.tar.gz Dec 2004
Crystal Enterprise 10 for HP-UX (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_hp_en.tar.gz -
Business Objects ce10critical_update_hp_fr.tar.gz Dec 2004
Crystal Enterprise 10 for HP-UX (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_hp_fr.tar.gz -
Business Objects ce10critical_update_hp_jp.tar.gz Dec 2004
Crystal Enterprise 10 for HP-UX (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_hp_jp.tar.gz -
Business Objects ce10critical_update_lin_de.tar.gz Dec 2004
Crystal Enterprise 10 for Linux (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_lin_de.tar.gz -
Business Objects ce10critical_update_lin_en.tar.gz Dec 2004
Crystal Enterprise 10 for Linux (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_lin_en.tar.gz -
Business Objects ce10critical_update_lin_fr.tar.gz Dec 2004
Crystal Enterprise 10 for Linux (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_lin_fr.tar.gz -
Business Objects ce10critical_update_lin_jp.tar.gz Dec 2004
Crystal Enterprise 10 for Linux (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_lin_jp.tar.gz -
Business Objects ce10critical_update_sol_de.tar.gz Dec 2004
Crystal Enterprise 10 for Solaris (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_sol_de.tar.gz -
Business Objects ce10critical_update_sol_en.tar.gz Dec 2004
Crystal Enterprise 10 for Solaris (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_sol_en.tar.gz -
Business Objects ce10critical_update_sol_fr.tar.gz Dec 2004
Crystal Enterprise 10 for Solaris (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_sol_fr.tar.gz -
Business Objects ce10critical_update_sol_jp.tar.gz Dec 2004
Crystal Enterprise 10 for Solaris (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic al_update_sol_jp.tar.gz -
Business Objects v10_critical_update_win.zip Dec 2004
Crystal Enterprise 10 for Windows
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critic al_update_win.zip
Business Objects Crystal Enterprise 8.5
-
Business Objects ce85critical_update_aix_de.tar.gz Dec 2004
Crystal Enterprise 8.5 for AIX (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_aix_de.tar.gz -
Business Objects ce85critical_update_aix_en.tar.gz Dec 2004
Crystal Enterprise 8.5 for AIX (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_aix_en.tar.gz -
Business Objects ce85critical_update_aix_fr.tar.gz Dec 2004
Crystal Enterprise 8.5 for AIX (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_aix_fr.tar.gz -
Business Objects ce85critical_update_aix_jp.tar.gz Dec 2004
Crystal Enterprise 8.5 for AIX (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_aix_jp.tar.gz -
Business Objects ce85critical_update_sol_de.tar.gz Dec 2004
Crystal Enterprise 8.5 for Solaris (German)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_sol_de.tar.gz -
Business Objects ce85critical_update_sol_en.tar.gz Dec 2004
Crystal Enterprise 8.5 for Solaris (English)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_sol_en.tar.gz -
Business Objects ce85critical_update_sol_fr.tar.gz Dec 2004
Crystal Enterprise 8.5 for Solaris (French)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_sol_fr.tar.gz -
Business Objects ce85critical_update_sol_jp.tar.gz Dec 2004
Crystal Enterprise 8.5 for Solaris (Japanese)
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic al_update_sol_jp.tar.gz -
Business Objects v85_critical_update_win.zip Dec 2004
Crystal Enterprise 8.5 for Windows
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v85_critic al_update_win.zip
Business Objects Crystal Enterprise 9.0
-
Business Objects v9_critical_update_win.zip Dec 2004
Crystal Enterprise 9 for Windows
http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critica l_update_win.zip
References
Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability
References:
References:
- URL to a RPT file may expose client-side source information with a script tag (Business Objects)
- Vendor Homepage (Business Objects)