SAP BusinessObjects Multiple Input Validation Vulnerabilities(情報元のブックマーク数)
SAP BusinessObjectsに入力値が検証されていない脆弱性があって、クロスサイトスクリプティングとかができちゃうよって脆弱性が出ているそうだ。
SAP BusinessObjects is prone to multiple input-validation vulnerabilities, including cross-site scripting issues, remote URI-redirection issues, and information-disclosure issues, because the application fails to sufficiently sanitize user-supplied input.
http://www.securityfocus.com/bid/37900/discuss
An attacker can exploit these issues to steal cookie-based authentication credentials, perform phishing attacks, and obtain sensitive information. Other attacks are also possible.