Posted by NL Deloitte Zero Day (NL – Amsterdam) on Feb 27

Hi list,

We have found a Cross-site scripting vulnerability in SAP BusinessObjects Financial Consolidation.

[Description]
Cross-site scripting (XSS) vulnerability in the help component of SAP
BusinessObjects Financial Consolidation 10.0.0.1933 allows remote
attackers to inject arbitrary web script or HTML via a GET request.

——————————————

[Additional Information]
The help pages of SAP BusinessObjects Financial…